Windows Analysis Report
INVOICE31401001340.exe

Overview

General Information

Sample name: INVOICE31401001340.exe
Analysis ID: 1411161
MD5: 27219bd7e8bc114b606c7fe41cccfa42
SHA1: 2b0ba6fb2b80c00694ccbdbdeddcad6bcbf9561c
SHA256: afd73149f827f82f0cd8da54e7ed9a3c3eec748ecb48113df83964899e3b731f
Infos:

Detection

Score: 50
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Compliance

Score: 30
Range: 0 - 100

Signatures

Detected unpacking (creates a PE file in dynamic memory)
.NET source code contains potential unpacker
Creates files in the system32 config directory
Initial sample is a PE file and has a suspicious name
Installs Task Scheduler Managed Wrapper
Queries memory information (via WMI often done to detect virtual machines)
Queries sensitive Plug and Play Device Information (via WMI, Win32_PnPEntity, often done to detect virtual machines)
Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)
Queries sensitive physical memory information (via WMI, Win32_PhysicalMemory, often done to detect virtual machines)
Queries sensitive service information (via WMI, MSSMBios_RawSMBiosTables, often done to detect sandboxes)
Queries sensitive service information (via WMI, Win32_LogicalDisk, often done to detect sandboxes)
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Yara detected Costura Assembly Loader
Yara detected Generic Downloader
AV process strings found (often used to terminate AV products)
Allocates memory with a write watch (potentially for evading sandboxes)
Binary contains a suspicious time stamp
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Contains functionality to detect virtual machines (SLDT)
Contains functionality to launch a process as a different user
Contains long sleeps (>= 3 min)
Creates COM task schedule object (often to register a task for autostart)
Creates a process in suspended mode (likely to inject code)
Creates driver files
Creates files inside the system directory
Creates or modifies windows services
Deletes files inside the Windows folder
Detected potential crypto function
Dropped file seen in connection with other malware
Drops PE files
Drops PE files to the application program directory (C:\ProgramData)
Enables debug privileges
Enables security privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found inlined nop instructions (likely shell or obfuscated code)
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Is looking for software installed on the system
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Modifies existing windows services
PE file contains strange resources
Queries disk information (often used to detect virtual machines)
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: Suspicious Office Token Search Via CLI
Tries to load missing DLLs
Uses code obfuscation techniques (call, push, ret)
Very long cmdline option found, this is very uncommon (may be encrypted or packed)
Yara detected Syncro Remote Tool

Classification

Compliance
barindex
Detected unpacking (creates a PE file in dynamic memory)
Source: C:\Program Files\RepairTech\LiveAgent\SyncroLive.Service.Runner.exe Unpacked PE file: 28.2.SyncroLive.Service.Runner.exe.23854620000.11.unpack
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\Update.exe Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\packages Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\packages\RELEASES Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\packages\Syncro-1.0.181.14910-full.nupkg Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\7za-x64.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\7za-x86.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\ar-SA Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\ar-SA\Syncro.App.resources.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\Autofac.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\config.json Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\cs-CZ Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\cs-CZ\Syncro.App.resources.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\CSharpFunctionalExtensions.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\da-DK Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\da-DK\Syncro.App.resources.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\de Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\de-DE Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\de-DE\Syncro.App.resources.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\DeltaCompressionDotNet.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\Destructurama.Attributed.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\de\Microsoft.Data.Edm.resources.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\de\Microsoft.Data.OData.resources.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\de\Microsoft.Data.Services.Client.resources.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\de\System.Spatial.resources.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\el-GR Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\el-GR\Syncro.App.resources.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\en Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\en\Syncro.App.resources.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\en\Syncro.Uninstaller.resources.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\es Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\es-ES Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\es-ES\Syncro.App.resources.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\es\Microsoft.Data.Edm.resources.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\es\Microsoft.Data.OData.resources.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\es\Microsoft.Data.Services.Client.resources.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\es\System.Spatial.resources.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\fi-FI Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\fi-FI\Syncro.App.resources.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\FluentCommandLineParser.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\Flurl.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\Flurl.Http.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\fr Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\fr-FR Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\fr-FR\Syncro.App.resources.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\fr\Microsoft.Data.Edm.resources.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\fr\Microsoft.Data.OData.resources.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\fr\Microsoft.Data.Services.Client.resources.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\fr\System.Spatial.resources.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\ICSharpCode.SharpZipLib.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\Images Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\Images\chat-bubbles-icon.png Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\Images\custom-logo.png Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\Images\kabuto-logo.ico Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\Interop.IWshRuntimeLibrary.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\Interop.NetFwTypeLib.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\Interop.WUApiLib.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\it Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\it-IT Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\it-IT\Syncro.App.resources.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\Itenso.TimePeriod.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\it\Microsoft.Data.Edm.resources.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\it\Microsoft.Data.OData.resources.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\it\Microsoft.Data.Services.Client.resources.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\it\System.Spatial.resources.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\ja Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\ja-JP Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\ja-JP\Syncro.App.resources.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\ja\Microsoft.Data.Edm.resources.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\ja\Microsoft.Data.OData.resources.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\ja\Microsoft.Data.Services.Client.resources.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\ja\System.Spatial.resources.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\JetBrains.Annotations.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\ko Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\ko\Microsoft.Data.Edm.resources.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\ko\Microsoft.Data.OData.resources.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\ko\Microsoft.Data.Services.Client.resources.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\ko\System.Spatial.resources.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\MetroFramework.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\MetroFramework.Fonts.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\Microsoft.Bcl.AsyncInterfaces.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\Microsoft.Data.Edm.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\Microsoft.Data.OData.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\Microsoft.Data.Services.Client.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\Microsoft.Web.XmlTransform.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\Microsoft.Win32.TaskScheduler.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\Mono.Cecil.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\Newtonsoft.Json.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\nl-NL Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\nl-NL\Syncro.App.resources.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\NuGet.Squirrel.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\Phoenix.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\pt-BR Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\pt-BR\Syncro.App.resources.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\RepairTech.Common.Tools.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\RepairTech.Common.Wpf.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\RestSharp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\RollbarSharp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\ru Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\ru-RU Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\ru-RU\Syncro.App.resources.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\ru\Microsoft.Data.Edm.resources.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\ru\Microsoft.Data.OData.resources.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\ru\Microsoft.Data.Services.Client.resources.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\ru\System.Spatial.resources.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\Serilog.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\Serilog.Formatting.Compact.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\Serilog.Sinks.Console.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\Serilog.Sinks.File.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\Serilog.Sinks.Literate.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\SevenZipSharp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\SharpCompress.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\SharpSnmpLib.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\sl-SI Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\sl-SI\Syncro.App.resources.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\Splat.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\Squirrel.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\Syncro.App.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\Syncro.App.dll.config Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\Syncro.App.Runner.exe Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\Syncro.Contracts.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\Syncro.Service.Configuration.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\Syncro.Service.exe Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\Syncro.Service.exe.config Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\Syncro.Service.Interfaces.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\Syncro.Service.Models.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\Syncro.Service.Runner.exe Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\Syncro.Service.Services.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\Syncro.Tools.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\Syncro.Uninstaller.exe Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\Syncro.Uninstaller.exe.config Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\Syncro.Uninstaller.Tools.exe Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\Syncro.Uninstaller.Tools.exe.config Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\System.Net.WebSockets.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\System.Runtime.CompilerServices.Unsafe.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\System.Runtime.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\System.Security.Cryptography.Algorithms.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\System.Security.Cryptography.Encoding.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\System.Security.Cryptography.Primitives.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\System.Security.Cryptography.X509Certificates.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\System.Spatial.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\System.Threading.Tasks.Extensions.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\System.ValueTuple.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\Telerik.Windows.Controls.ConversationalUI.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\Telerik.Windows.Controls.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\Telerik.Windows.Controls.Input.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\Telerik.Windows.Controls.Navigation.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\Telerik.Windows.Data.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\UrlCombineLib.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\websocket-sharp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\zh-CHS Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\zh-CHS\Syncro.App.resources.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\zh-Hans Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\zh-Hans\Microsoft.Data.Edm.resources.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\zh-Hans\Microsoft.Data.OData.resources.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\zh-Hans\Microsoft.Data.Services.Client.resources.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\zh-Hans\System.Spatial.resources.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\zh-Hant Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\zh-Hant\Microsoft.Data.Edm.resources.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\zh-Hant\Microsoft.Data.OData.resources.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\zh-Hant\Microsoft.Data.Services.Client.resources.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\zh-Hant\System.Spatial.resources.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\install.bat Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\InstallUtil.exe Directory created: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.InstallState Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Directory created: C:\Program Files\RepairTech\Syncro\packages\.betaId Jump to behavior
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\LiveAgent
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\LiveAgent\app-0.0.66.14351~f7fcc35a2d1947f693e0732f444c406e
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\LiveAgent\app-0.0.66.14351~f7fcc35a2d1947f693e0732f444c406e\Cassia.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\LiveAgent\app-0.0.66.14351~f7fcc35a2d1947f693e0732f444c406e\CSharpFunctionalExtensions.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\LiveAgent\app-0.0.66.14351~f7fcc35a2d1947f693e0732f444c406e\DeltaCompressionDotNet.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\LiveAgent\app-0.0.66.14351~f7fcc35a2d1947f693e0732f444c406e\deniszykov.WebSocketListener.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\LiveAgent\app-0.0.66.14351~f7fcc35a2d1947f693e0732f444c406e\Destructurama.Attributed.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\LiveAgent\app-0.0.66.14351~f7fcc35a2d1947f693e0732f444c406e\FluentCommandLineParser.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\LiveAgent\app-0.0.66.14351~f7fcc35a2d1947f693e0732f444c406e\Flurl.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\LiveAgent\app-0.0.66.14351~f7fcc35a2d1947f693e0732f444c406e\Flurl.Http.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\LiveAgent\app-0.0.66.14351~f7fcc35a2d1947f693e0732f444c406e\Interop.NetFwTypeLib.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\LiveAgent\app-0.0.66.14351~f7fcc35a2d1947f693e0732f444c406e\JetBrains.Annotations.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\LiveAgent\app-0.0.66.14351~f7fcc35a2d1947f693e0732f444c406e\Microsoft.Data.Edm.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\LiveAgent\app-0.0.66.14351~f7fcc35a2d1947f693e0732f444c406e\Microsoft.Data.OData.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\LiveAgent\app-0.0.66.14351~f7fcc35a2d1947f693e0732f444c406e\Microsoft.Data.Services.Client.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\LiveAgent\app-0.0.66.14351~f7fcc35a2d1947f693e0732f444c406e\Microsoft.Web.XmlTransform.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\LiveAgent\app-0.0.66.14351~f7fcc35a2d1947f693e0732f444c406e\Mixpanel.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\LiveAgent\app-0.0.66.14351~f7fcc35a2d1947f693e0732f444c406e\Mono.Cecil.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\LiveAgent\app-0.0.66.14351~f7fcc35a2d1947f693e0732f444c406e\Newtonsoft.Json.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\LiveAgent\app-0.0.66.14351~f7fcc35a2d1947f693e0732f444c406e\NuGet.Squirrel.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\LiveAgent\app-0.0.66.14351~f7fcc35a2d1947f693e0732f444c406e\OpenHardwareMonitorLib.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\LiveAgent\app-0.0.66.14351~f7fcc35a2d1947f693e0732f444c406e\RepairTech.Common.Tools.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\LiveAgent\app-0.0.66.14351~f7fcc35a2d1947f693e0732f444c406e\RepairTech.Common.Wpf.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\LiveAgent\app-0.0.66.14351~f7fcc35a2d1947f693e0732f444c406e\RollbarSharp.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\LiveAgent\app-0.0.66.14351~f7fcc35a2d1947f693e0732f444c406e\Serilog.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\LiveAgent\app-0.0.66.14351~f7fcc35a2d1947f693e0732f444c406e\Serilog.Formatting.Compact.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\LiveAgent\app-0.0.66.14351~f7fcc35a2d1947f693e0732f444c406e\Serilog.Sinks.Console.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\LiveAgent\app-0.0.66.14351~f7fcc35a2d1947f693e0732f444c406e\Serilog.Sinks.File.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\LiveAgent\app-0.0.66.14351~f7fcc35a2d1947f693e0732f444c406e\Serilog.Sinks.Literate.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\LiveAgent\app-0.0.66.14351~f7fcc35a2d1947f693e0732f444c406e\SharpCompress.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\LiveAgent\app-0.0.66.14351~f7fcc35a2d1947f693e0732f444c406e\SharpDX.Direct3D11.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\LiveAgent\app-0.0.66.14351~f7fcc35a2d1947f693e0732f444c406e\SharpDX.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\LiveAgent\app-0.0.66.14351~f7fcc35a2d1947f693e0732f444c406e\SharpDX.DXGI.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\LiveAgent\app-0.0.66.14351~f7fcc35a2d1947f693e0732f444c406e\SharpDX.Mathematics.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\LiveAgent\app-0.0.66.14351~f7fcc35a2d1947f693e0732f444c406e\Splat.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\LiveAgent\app-0.0.66.14351~f7fcc35a2d1947f693e0732f444c406e\Squirrel.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\LiveAgent\app-0.0.66.14351~f7fcc35a2d1947f693e0732f444c406e\SyncroLive.Agent.exe
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\LiveAgent\app-0.0.66.14351~f7fcc35a2d1947f693e0732f444c406e\SyncroLive.Agent.exe.config
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\LiveAgent\app-0.0.66.14351~f7fcc35a2d1947f693e0732f444c406e\SyncroLive.Agent.Runner.exe
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\LiveAgent\app-0.0.66.14351~f7fcc35a2d1947f693e0732f444c406e\SyncroLive.Interface.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\LiveAgent\app-0.0.66.14351~f7fcc35a2d1947f693e0732f444c406e\SyncroLive.Interface.dll.config
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\LiveAgent\app-0.0.66.14351~f7fcc35a2d1947f693e0732f444c406e\SyncroLive.Service.exe
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\LiveAgent\app-0.0.66.14351~f7fcc35a2d1947f693e0732f444c406e\SyncroLive.Service.exe.config
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\LiveAgent\app-0.0.66.14351~f7fcc35a2d1947f693e0732f444c406e\SyncroLive.Service.Runner.exe
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\LiveAgent\app-0.0.66.14351~f7fcc35a2d1947f693e0732f444c406e\SyncroLive.WindowsInput.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\LiveAgent\app-0.0.66.14351~f7fcc35a2d1947f693e0732f444c406e\System.Management.Automation.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\LiveAgent\app-0.0.66.14351~f7fcc35a2d1947f693e0732f444c406e\System.Numerics.Vectors.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\LiveAgent\app-0.0.66.14351~f7fcc35a2d1947f693e0732f444c406e\System.Runtime.CompilerServices.Unsafe.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\LiveAgent\app-0.0.66.14351~f7fcc35a2d1947f693e0732f444c406e\System.Runtime.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\LiveAgent\app-0.0.66.14351~f7fcc35a2d1947f693e0732f444c406e\System.Spatial.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\LiveAgent\app-0.0.66.14351~f7fcc35a2d1947f693e0732f444c406e\System.ValueTuple.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\LiveAgent\app-0.0.66.14351~f7fcc35a2d1947f693e0732f444c406e\Topshelf.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\LiveAgent\app-0.0.66.14351~f7fcc35a2d1947f693e0732f444c406e\UrlCombineLib.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\LiveAgent\app-0.0.66.14351~f7fcc35a2d1947f693e0732f444c406e\WebRTC.NET.SDK.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\LiveAgent\app-0.0.66.14351~f7fcc35a2d1947f693e0732f444c406e\x64
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\LiveAgent\app-0.0.66.14351~f7fcc35a2d1947f693e0732f444c406e\x64\turbojpeg.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\LiveAgent\app-0.0.66.14351~f7fcc35a2d1947f693e0732f444c406e\x64\WebRTC.Native.Internal.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\LiveAgent\app-0.0.66.14351~f7fcc35a2d1947f693e0732f444c406e\x86
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\LiveAgent\app-0.0.66.14351~f7fcc35a2d1947f693e0732f444c406e\x86\turbojpeg.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\LiveAgent\app-0.0.66.14351~f7fcc35a2d1947f693e0732f444c406e\x86\WebRTC.Native.Internal.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\LiveAgent\app-0.0.66.14351~f7fcc35a2d1947f693e0732f444c406e\ZetaLongPaths.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\LiveAgent\app-0.0.66.14351~f7fcc35a2d1947f693e0732f444c406e\config.json.{83e6fab5-4386-4338-bfa9-f383adf3dcd4}
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\LiveAgent\packages
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\LiveAgent\packages\RELEASES
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\LiveAgent\app-0.0.68.15635~b3ea396ce3964d88b4b8425873431883
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\LiveAgent\app-0.0.68.15635~b3ea396ce3964d88b4b8425873431883\Cassia.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\LiveAgent\app-0.0.68.15635~b3ea396ce3964d88b4b8425873431883\CSharpFunctionalExtensions.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\LiveAgent\app-0.0.68.15635~b3ea396ce3964d88b4b8425873431883\DeltaCompressionDotNet.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\LiveAgent\app-0.0.68.15635~b3ea396ce3964d88b4b8425873431883\deniszykov.WebSocketListener.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\LiveAgent\app-0.0.68.15635~b3ea396ce3964d88b4b8425873431883\Destructurama.Attributed.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\LiveAgent\app-0.0.68.15635~b3ea396ce3964d88b4b8425873431883\FluentCommandLineParser.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\LiveAgent\app-0.0.68.15635~b3ea396ce3964d88b4b8425873431883\Flurl.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\LiveAgent\app-0.0.68.15635~b3ea396ce3964d88b4b8425873431883\Flurl.Http.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\LiveAgent\app-0.0.68.15635~b3ea396ce3964d88b4b8425873431883\Interop.NetFwTypeLib.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\LiveAgent\app-0.0.68.15635~b3ea396ce3964d88b4b8425873431883\JetBrains.Annotations.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\LiveAgent\app-0.0.68.15635~b3ea396ce3964d88b4b8425873431883\Microsoft.Web.XmlTransform.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\LiveAgent\app-0.0.68.15635~b3ea396ce3964d88b4b8425873431883\Mono.Cecil.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\LiveAgent\app-0.0.68.15635~b3ea396ce3964d88b4b8425873431883\Newtonsoft.Json.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\LiveAgent\app-0.0.68.15635~b3ea396ce3964d88b4b8425873431883\NuGet.Squirrel.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\LiveAgent\app-0.0.68.15635~b3ea396ce3964d88b4b8425873431883\OpenHardwareMonitorLib.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\LiveAgent\app-0.0.68.15635~b3ea396ce3964d88b4b8425873431883\RepairTech.Common.Tools.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\LiveAgent\app-0.0.68.15635~b3ea396ce3964d88b4b8425873431883\RepairTech.Common.Wpf.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\LiveAgent\app-0.0.68.15635~b3ea396ce3964d88b4b8425873431883\RollbarSharp.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\LiveAgent\app-0.0.68.15635~b3ea396ce3964d88b4b8425873431883\Serilog.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\LiveAgent\app-0.0.68.15635~b3ea396ce3964d88b4b8425873431883\Serilog.Formatting.Compact.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\LiveAgent\app-0.0.68.15635~b3ea396ce3964d88b4b8425873431883\Serilog.Sinks.Console.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\LiveAgent\app-0.0.68.15635~b3ea396ce3964d88b4b8425873431883\Serilog.Sinks.File.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\LiveAgent\app-0.0.68.15635~b3ea396ce3964d88b4b8425873431883\Serilog.Sinks.Literate.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\LiveAgent\app-0.0.68.15635~b3ea396ce3964d88b4b8425873431883\SharpDX.Direct3D11.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\LiveAgent\app-0.0.68.15635~b3ea396ce3964d88b4b8425873431883\SharpDX.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\LiveAgent\app-0.0.68.15635~b3ea396ce3964d88b4b8425873431883\SharpDX.DXGI.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\LiveAgent\app-0.0.68.15635~b3ea396ce3964d88b4b8425873431883\SharpDX.Mathematics.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\LiveAgent\app-0.0.68.15635~b3ea396ce3964d88b4b8425873431883\Splat.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\LiveAgent\app-0.0.68.15635~b3ea396ce3964d88b4b8425873431883\Squirrel.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\LiveAgent\app-0.0.68.15635~b3ea396ce3964d88b4b8425873431883\SyncroLive.Agent.exe
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\LiveAgent\app-0.0.68.15635~b3ea396ce3964d88b4b8425873431883\SyncroLive.Agent.exe.config
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\LiveAgent\app-0.0.68.15635~b3ea396ce3964d88b4b8425873431883\SyncroLive.Agent.Runner.exe
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\LiveAgent\app-0.0.68.15635~b3ea396ce3964d88b4b8425873431883\SyncroLive.Interface.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\LiveAgent\app-0.0.68.15635~b3ea396ce3964d88b4b8425873431883\SyncroLive.Interface.dll.config
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\LiveAgent\app-0.0.68.15635~b3ea396ce3964d88b4b8425873431883\SyncroLive.Service.exe
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\LiveAgent\app-0.0.68.15635~b3ea396ce3964d88b4b8425873431883\SyncroLive.Service.exe.config
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\LiveAgent\app-0.0.68.15635~b3ea396ce3964d88b4b8425873431883\SyncroLive.Service.Runner.exe
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\LiveAgent\app-0.0.68.15635~b3ea396ce3964d88b4b8425873431883\SyncroLive.WindowsInput.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\LiveAgent\app-0.0.68.15635~b3ea396ce3964d88b4b8425873431883\System.Management.Automation.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\LiveAgent\app-0.0.68.15635~b3ea396ce3964d88b4b8425873431883\System.Numerics.Vectors.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\LiveAgent\app-0.0.68.15635~b3ea396ce3964d88b4b8425873431883\System.Runtime.CompilerServices.Unsafe.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\LiveAgent\app-0.0.68.15635~b3ea396ce3964d88b4b8425873431883\System.Runtime.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\LiveAgent\app-0.0.68.15635~b3ea396ce3964d88b4b8425873431883\System.ValueTuple.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\LiveAgent\app-0.0.68.15635~b3ea396ce3964d88b4b8425873431883\Topshelf.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\LiveAgent\app-0.0.68.15635~b3ea396ce3964d88b4b8425873431883\UrlCombineLib.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\LiveAgent\app-0.0.68.15635~b3ea396ce3964d88b4b8425873431883\WebRTC.NET.SDK.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\LiveAgent\app-0.0.68.15635~b3ea396ce3964d88b4b8425873431883\x64
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\LiveAgent\app-0.0.68.15635~b3ea396ce3964d88b4b8425873431883\x64\turbojpeg.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\LiveAgent\app-0.0.68.15635~b3ea396ce3964d88b4b8425873431883\x64\WebRTC.Native.Internal.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\LiveAgent\app-0.0.68.15635~b3ea396ce3964d88b4b8425873431883\x86
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\LiveAgent\app-0.0.68.15635~b3ea396ce3964d88b4b8425873431883\x86\turbojpeg.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\LiveAgent\app-0.0.68.15635~b3ea396ce3964d88b4b8425873431883\x86\WebRTC.Native.Internal.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\LiveAgent\app-0.0.68.15635~b3ea396ce3964d88b4b8425873431883\ZetaLongPaths.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\LiveAgent\app-0.0.68.15635~b3ea396ce3964d88b4b8425873431883\config.json.{f7b140d2-12d9-49a3-9446-2dafaa3ccd88}
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\LiveAgent\SyncroLive.Service.Runner.exe
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\LiveAgent\SyncroLive.Agent.Runner.exe
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\7za-x64.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\7za-x86.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\ar-SA
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\ar-SA\Syncro.App.resources.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\Autofac.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\config.json
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\cs-CZ
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\cs-CZ\Syncro.App.resources.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\CSharpFunctionalExtensions.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\da-DK
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\da-DK\Syncro.App.resources.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\de-DE
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\de-DE\Syncro.App.resources.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\DeltaCompressionDotNet.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\Destructurama.Attributed.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\el-GR
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\el-GR\Syncro.App.resources.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\en
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\en\Syncro.App.resources.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\en\Syncro.Uninstaller.resources.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\es-ES
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\es-ES\Syncro.App.resources.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\fi-FI
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\fi-FI\Syncro.App.resources.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\FluentCommandLineParser.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\Flurl.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\Flurl.Http.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\fr-FR
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\fr-FR\Syncro.App.resources.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\ICSharpCode.SharpZipLib.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\Images
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\Images\chat-bubbles-icon.png
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\Images\custom-logo.png
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\Images\kabuto-logo.ico
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\Interop.IWshRuntimeLibrary.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\Interop.NetFwTypeLib.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\Interop.WUApiLib.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\it-IT
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\it-IT\Syncro.App.resources.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\Itenso.TimePeriod.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\ja-JP
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\ja-JP\Syncro.App.resources.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\JetBrains.Annotations.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\MetroFramework.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\MetroFramework.Fonts.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\Microsoft.Bcl.AsyncInterfaces.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\Microsoft.Web.XmlTransform.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\Microsoft.Win32.TaskScheduler.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\Mono.Cecil.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\Newtonsoft.Json.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\nl-NL
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\nl-NL\Syncro.App.resources.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\NuGet.Squirrel.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\Phoenix.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\pt-BR
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\pt-BR\Syncro.App.resources.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\RepairTech.Common.Tools.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\RepairTech.Common.Wpf.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\RollbarSharp.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\ru-RU
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\ru-RU\Syncro.App.resources.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\Serilog.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\Serilog.Formatting.Compact.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\Serilog.Sinks.Console.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\Serilog.Sinks.File.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\Serilog.Sinks.Literate.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\SevenZipSharp.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\SharpSnmpLib.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\sl-SI
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\sl-SI\Syncro.App.resources.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\Splat.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\Squirrel.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\Syncro.App.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\Syncro.App.dll.config
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\Syncro.App.Runner.exe
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\Syncro.Contracts.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\Syncro.Service.Configuration.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\Syncro.Service.exe
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\Syncro.Service.exe.config
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\Syncro.Service.Interfaces.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\Syncro.Service.Models.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\Syncro.Service.Runner.exe
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\Syncro.Service.Services.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\Syncro.Tools.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\Syncro.Uninstaller.exe
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\Syncro.Uninstaller.exe.config
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\Syncro.Uninstaller.Tools.exe
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\Syncro.Uninstaller.Tools.exe.config
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\System.Net.WebSockets.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\System.Runtime.CompilerServices.Unsafe.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\System.Runtime.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\System.Security.Cryptography.Algorithms.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\System.Security.Cryptography.Encoding.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\System.Security.Cryptography.Primitives.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\System.Security.Cryptography.X509Certificates.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\System.Threading.Tasks.Extensions.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\System.ValueTuple.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\Telerik.Windows.Controls.ConversationalUI.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\Telerik.Windows.Controls.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\Telerik.Windows.Controls.Input.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\Telerik.Windows.Controls.Navigation.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\Telerik.Windows.Data.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\UrlCombineLib.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\websocket-sharp.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\zh-CHS
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\zh-CHS\Syncro.App.resources.dll
Source: C:\Program Files\RepairTech\LiveAgent\SyncroLive.Agent.Runner.exe Directory created: C:\Program Files\RepairTech\LiveAgent\app-0.0.68.15635\OpenHardwareMonitorLib.sys
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Syncro Jump to behavior
Source: C:\Users\user\Desktop\INVOICE31401001340.exe File created: C:\ProgramData\Syncro\logs\MasterInstaller.log Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe File created: C:\ProgramData\Syncro\logs\Syncro.Installer20240318.log Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe File created: C:\ProgramData\Syncro\logs\Syncro.Installer20240319.log Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\Syncro.Installer.exe.log Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\InstallUtil.exe File created: C:\ProgramData\Syncro\logs\ServiceInstall.log Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\InstallUtil.exe File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\InstallUtil.exe.log Jump to behavior
Source: INVOICE31401001340.exe Static PE information: certificate valid
Source: unknown HTTPS traffic detected: 54.235.117.67:443 -> 192.168.2.6:49703 version: TLS 1.2
Source: unknown HTTPS traffic detected: 52.40.78.72:443 -> 192.168.2.6:49706 version: TLS 1.2
Source: unknown HTTPS traffic detected: 172.67.70.15:443 -> 192.168.2.6:49711 version: TLS 1.2
Source: unknown HTTPS traffic detected: 54.235.117.67:443 -> 192.168.2.6:49724 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.26.14.34:443 -> 192.168.2.6:49727 version: TLS 1.2
Source: unknown HTTPS traffic detected: 3.222.92.158:443 -> 192.168.2.6:49731 version: TLS 1.2
Source: unknown HTTPS traffic detected: 52.40.78.72:443 -> 192.168.2.6:49737 version: TLS 1.2
Source: unknown HTTPS traffic detected: 52.206.234.204:443 -> 192.168.2.6:49739 version: TLS 1.2
Source: unknown HTTPS traffic detected: 52.40.78.72:443 -> 192.168.2.6:49740 version: TLS 1.2
Source: unknown HTTPS traffic detected: 54.213.117.181:443 -> 192.168.2.6:49807 version: TLS 1.2
Source: unknown HTTPS traffic detected: 54.213.117.181:443 -> 192.168.2.6:49809 version: TLS 1.2
Source: unknown HTTPS traffic detected: 54.235.117.67:443 -> 192.168.2.6:49811 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.26.14.34:443 -> 192.168.2.6:49814 version: TLS 1.2
Source: unknown HTTPS traffic detected: 52.40.78.72:443 -> 192.168.2.6:49818 version: TLS 1.2
Source: unknown HTTPS traffic detected: 52.40.78.72:443 -> 192.168.2.6:49819 version: TLS 1.2
Source: unknown HTTPS traffic detected: 52.40.78.72:443 -> 192.168.2.6:49823 version: TLS 1.2
Source: unknown HTTPS traffic detected: 54.84.28.205:443 -> 192.168.2.6:49825 version: TLS 1.2
Source: INVOICE31401001340.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: Binary string: C:\custombuilds\syncro\prod\master\Syncro.Service.Interfaces\obj\Release\net462\Syncro.Service.Interfaces.pdb source: Syncro.Installer.exe, 00000002.00000002.2309646185.0000021C0041A000.00000004.00000800.00020000.00000000.sdmp, Syncro.Installer.exe, 00000002.00000002.2309646185.0000021C00433000.00000004.00000800.00020000.00000000.sdmp, Syncro.Installer.exe, 00000002.00000002.2309646185.0000021C00447000.00000004.00000800.00020000.00000000.sdmp, Syncro.Installer.exe, 00000002.00000002.2326226013.0000021C75CA0000.00000004.08000000.00040000.00000000.sdmp, Syncro.Service.Runner.exe, 00000009.00000002.3371865466.0000022A61312000.00000002.00000001.01000000.0000002F.sdmp
Source: Binary string: C:\projects\restsharp\RestSharp\obj\Release\net452\RestSharp.pdbI source: Syncro.Service.Runner.exe, 00000009.00000002.3483896621.0000022A7A282000.00000002.00000001.01000000.00000038.sdmp
Source: Binary string: C:\TeamCity\buildAgent\work\5410ab877c27fda6\KabutoLive.Service\obj\Release\SyncroLive.Service.pdb source: SyncroLive.Service.Runner.exe, 0000001C.00000002.3587090605.00000238544F2000.00000002.00000001.01000000.00000042.sdmp
Source: Binary string: c:\DeveloperTooling_Agent13\_work\103\s\Controls\Input\obj\Release45\Telerik.Windows.Controls.Input.pdb source: Syncro.Installer.exe, 00000002.00000002.2309646185.0000021C0010A000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: C:\TeamCity\buildAgent\work\5410ab877c27fda6\KabutoLive.Service\obj\Release\SyncroLive.Service.pdb{ source: SyncroLive.Service.Runner.exe, 0000001C.00000002.3587090605.00000238544F2000.00000002.00000001.01000000.00000042.sdmp
Source: Binary string: C:\projects\autofac\src\Autofac\obj\Release\net461\Autofac.pdbSHA256 source: Syncro.Service.Runner.exe, 00000009.00000002.3372746246.0000022A613B2000.00000002.00000001.01000000.00000030.sdmp, Syncro.Overmind.Service.exe, 0000000E.00000002.2463649611.00000172064D0000.00000004.08000000.00040000.00000000.sdmp
Source: Binary string: /_/src/Flurl.Http/obj/Release/net461/Flurl.Http.pdb source: Syncro.Overmind.Service.exe, 0000000E.00000002.2464154751.0000017206540000.00000004.08000000.00040000.00000000.sdmp
Source: Binary string: C:\custombuilds\syncro\prod\master\repairtech-tools\Squirrel.Windows\vendor\nuget\src\Core\obj\Release\NuGet.Squirrel.pdb source: Syncro.Service.Runner.exe, 00000009.00000002.3492596712.0000022A7A5E2000.00000002.00000001.01000000.0000003C.sdmp
Source: Binary string: \??\C:\Windows\symbols\dll\System.ServiceModel.Internals.pdbc561934e089 source: Syncro.App.Runner.exe, 00000015.00000002.3411155020.000002077304F000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\custombuilds\syncro\prod\master\Kabuto.Installer\obj\Release\Syncro.Installer.pdb source: INVOICE31401001340.exe, 00000000.00000002.2353079397.0000000013189000.00000004.00000800.00020000.00000000.sdmp, INVOICE31401001340.exe, 00000000.00000000.2120038499.0000000000672000.00000002.00000001.01000000.00000003.sdmp, Syncro.Installer.exe, 00000002.00000000.2130594520.0000021C72832000.00000002.00000001.01000000.00000006.sdmp
Source: Binary string: D:\dev\github\UrlCombine\UrlCombineLib\obj\Debug\net40\UrlCombineLib.pdba+{+ m+_CorDllMainmscoree.dll source: Syncro.Installer.exe, 00000002.00000002.2309646185.0000021C0026E000.00000004.00000800.00020000.00000000.sdmp, Syncro.Installer.exe, 00000002.00000002.2323567092.0000021C756C0000.00000004.08000000.00040000.00000000.sdmp, Syncro.Installer.exe, 00000002.00000002.2309646185.0000021C002E9000.00000004.00000800.00020000.00000000.sdmp, Syncro.Service.Runner.exe, 00000009.00000002.3495322136.0000022A7A872000.00000002.00000001.01000000.0000003E.sdmp, Syncro.Overmind.Service.exe, 00000011.00000002.3594084272.0000023C0F7E9000.00000004.00000800.00020000.00000000.sdmp, Syncro.Overmind.Service.exe, 00000011.00000002.3594084272.0000023C0F7FD000.00000004.00000800.00020000.00000000.sdmp, Syncro.Overmind.Service.exe, 00000011.00000002.3594084272.0000023C0F7CD000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: C:\custombuilds\syncro\prod\master\Kabuto.Service.Configuration\obj\Release\Syncro.Service.Configuration.pdb source: Syncro.Service.Runner.exe, 00000009.00000002.3482754410.0000022A79FD2000.00000002.00000001.01000000.00000036.sdmp
Source: Binary string: System.pdbs\CLSID\{0A29FF9E-7F9C-4437-8B11-F424491E3931}\InprocServer32 source: Syncro.App.Runner.exe, 00000015.00000002.3411155020.000002077304F000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Windows\System.ServiceModel.Internals.pdbpdbals.pdb[fo# source: Syncro.App.Runner.exe, 00000015.00000002.3411155020.000002077304F000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: 0C:\Windows\mscorlib.pdb source: SyncroLive.Agent.Runner.exe, 0000001D.00000002.3570752750.0000005BFC9EE000.00000004.00000010.00020000.00000000.sdmp
Source: Binary string: y:\code\paulcbetts\splat\Splat\obj\Release\Net45\Splat.pdb source: Syncro.Service.Runner.exe, 00000009.00000002.3484702294.0000022A7A2B2000.00000002.00000001.01000000.00000039.sdmp
Source: Binary string: \??\C:\Windows\dll\System.ServiceModel.Internals.pdb source: Syncro.App.Runner.exe, 00000015.00000002.3411155020.000002077304F000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\garre\Documents\Visual Studio 2015\Projects\metroframework\MetroFramework.Fonts\obj\Debug\MetroFramework.Fonts.pdb source: Syncro.Installer.exe, 00000002.00000002.2326805739.0000021C771E0000.00000004.08000000.00040000.00000000.sdmp
Source: Binary string: C:\projects\flurl\src\Flurl\obj\Release\net461\Flurl.pdb source: Syncro.Installer.exe, 00000002.00000002.2309646185.0000021C00447000.00000004.00000800.00020000.00000000.sdmp, Syncro.Installer.exe, 00000002.00000002.2309646185.0000021C0048A000.00000004.00000800.00020000.00000000.sdmp, Syncro.Installer.exe, 00000002.00000002.2326708476.0000021C770F0000.00000004.08000000.00040000.00000000.sdmp, Syncro.Service.Runner.exe, 00000009.00000002.3494544518.0000022A7A682000.00000002.00000001.01000000.0000003D.sdmp
Source: Binary string: C:\custombuilds\syncro\prod\master\Syncro.Service.Services\obj\Release\net462\Syncro.Service.Services.pdb source: Syncro.Installer.exe, 00000002.00000002.2309646185.0000021C0041A000.00000004.00000800.00020000.00000000.sdmp, Syncro.Installer.exe, 00000002.00000002.2309646185.0000021C00404000.00000004.00000800.00020000.00000000.sdmp, Syncro.Installer.exe, 00000002.00000002.2309646185.0000021C003E9000.00000004.00000800.00020000.00000000.sdmp, Syncro.Installer.exe, 00000002.00000002.2326198935.0000021C75C90000.00000004.08000000.00040000.00000000.sdmp, Syncro.Service.Runner.exe, 00000009.00000002.3474074748.0000022A79D33000.00000002.00000001.01000000.00000032.sdmp
Source: Binary string: C:\custombuilds\syncro\prod\master\external\filepusher\FilePusher\obj\Release\FilePusher.pdb source: Syncro.Installer.exe, 00000002.00000002.2324699686.0000021C75AE0000.00000004.08000000.00040000.00000000.sdmp, Syncro.Service.Runner.exe, 00000009.00000002.3474168240.0000022A79D42000.00000002.00000001.01000000.00000033.sdmp
Source: Binary string: C:\custombuilds\syncro\prod\master\Syncro.Service.Models\obj\Release\net462\Syncro.Service.Models.pdb source: Syncro.Installer.exe, 00000002.00000002.2309646185.0000021C003BA000.00000004.00000800.00020000.00000000.sdmp, Syncro.Installer.exe, 00000002.00000002.2326155846.0000021C75C80000.00000004.08000000.00040000.00000000.sdmp, Syncro.Installer.exe, 00000002.00000002.2309646185.0000021C003E9000.00000004.00000800.00020000.00000000.sdmp, Syncro.Installer.exe, 00000002.00000002.2309646185.0000021C003D3000.00000004.00000800.00020000.00000000.sdmp, Syncro.Service.Runner.exe, 00000009.00000002.3473911585.0000022A79CE2000.00000002.00000001.01000000.00000031.sdmp
Source: Binary string: C:\projects\serilog-sinks-file\src\Serilog.Sinks.File\obj\Release\net45\Serilog.Sinks.File.pdbSHA256 source: Syncro.Overmind.Service.exe, 0000000E.00000002.2472791182.000001721EC60000.00000004.08000000.00040000.00000000.sdmp
Source: Binary string: C:\Users\garre\Documents\Visual Studio 2015\Projects\metroframework\MetroFramework\obj\Debug\MetroFramework.pdb source: Syncro.Installer.exe, 00000002.00000002.2320422475.0000021C74AE0000.00000004.08000000.00040000.00000000.sdmp, Syncro.Installer.exe, 00000002.00000002.2316441248.0000021C100F2000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 0000000D.00000002.2919496731.0000021356F92000.00000002.00000001.01000000.00000022.sdmp
Source: Binary string: C:\projects\serilog-formatting-compact\src\Serilog.Formatting.Compact\obj\Release\net452\Serilog.Formatting.Compact.pdb source: Syncro.Installer.exe, 00000002.00000002.2321372513.0000021C74C10000.00000004.08000000.00040000.00000000.sdmp, Syncro.App.Runner.exe, 0000000D.00000002.2910799163.0000021356572000.00000002.00000001.01000000.00000015.sdmp
Source: Binary string: C:\custombuilds\syncro\prod\master\repairtech-tools\RepairTech.Common.Wpf\obj\Release\net462\RepairTech.Common.Wpf.pdb source: Syncro.App.Runner.exe, 0000000D.00000002.2920973719.00000213583C2000.00000002.00000001.01000000.00000023.sdmp
Source: Binary string: C:\projects\autofac\src\Autofac\obj\Release\net461\Autofac.pdb source: Syncro.Service.Runner.exe, 00000009.00000002.3372746246.0000022A613B2000.00000002.00000001.01000000.00000030.sdmp, Syncro.Overmind.Service.exe, 0000000E.00000002.2463649611.00000172064D0000.00000004.08000000.00040000.00000000.sdmp
Source: Binary string: C:\custombuilds\syncro\prod\master\Syncro.Service.Services\obj\Release\net462\Syncro.Service.Services.pdbSHA256d5G source: Syncro.Service.Runner.exe, 00000009.00000002.3474074748.0000022A79D33000.00000002.00000001.01000000.00000032.sdmp
Source: Binary string: c:\DeveloperTooling_Agent13\_work\103\s\Controls\Navigation\obj\Release45\Telerik.Windows.Controls.Navigation.pdb source: Syncro.Overmind.Service.exe, 00000011.00000002.3707462292.0000023C1F34F000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: C:\custombuilds\syncro\prod\master\repairtech-tools\3rdparty\PhoenixSharp\Phoenix\obj\Release\net45\Phoenix.pdbSHA2561 source: Syncro.Service.Runner.exe, 00000009.00000002.3482482309.0000022A79FC2000.00000002.00000001.01000000.00000035.sdmp
Source: Binary string: d:\_Bld\1966\2780\Sources\obj\AnyCPU\Release\Microsoft.Data.Edm.csproj\Desktop\Microsoft.Data.Edm.pdb source: Microsoft.Data.Edm.dll.2.dr
Source: Binary string: \??\C:\Windows\symbols\dll\System.pdbdbS source: Syncro.App.Runner.exe, 00000015.00000002.3411155020.000002077304F000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \??\C:\Windows\System.pdb source: Syncro.App.Runner.exe, 00000015.00000002.3411155020.000002077304F000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\projects\serilog-formatting-compact\src\Serilog.Formatting.Compact\obj\Release\net452\Serilog.Formatting.Compact.pdbSHA256 source: Syncro.Installer.exe, 00000002.00000002.2321372513.0000021C74C10000.00000004.08000000.00040000.00000000.sdmp, Syncro.App.Runner.exe, 0000000D.00000002.2910799163.0000021356572000.00000002.00000001.01000000.00000015.sdmp
Source: Binary string: C:\Sources\CSharpFunctionalExtensions\CSharpFunctionalExtensions\obj\Debug\net461\CSharpFunctionalExtensions.pdbSHA256` source: Syncro.Installer.exe, 00000002.00000002.2320142547.0000021C732F0000.00000004.08000000.00040000.00000000.sdmp, Syncro.Service.Runner.exe, 00000009.00000002.3481695293.0000022A79F52000.00000002.00000001.01000000.00000034.sdmp
Source: Binary string: C:\custombuilds\syncro\prod\master\Syncro.Service.Models\obj\Release\net462\Syncro.Service.Models.pdbSHA256J source: Syncro.Installer.exe, 00000002.00000002.2309646185.0000021C003BA000.00000004.00000800.00020000.00000000.sdmp, Syncro.Installer.exe, 00000002.00000002.2326155846.0000021C75C80000.00000004.08000000.00040000.00000000.sdmp, Syncro.Installer.exe, 00000002.00000002.2309646185.0000021C003E9000.00000004.00000800.00020000.00000000.sdmp, Syncro.Installer.exe, 00000002.00000002.2309646185.0000021C003D3000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: /_/artifacts/obj/Microsoft.Bcl.AsyncInterfaces/net461-Release/Microsoft.Bcl.AsyncInterfaces.pdb source: Syncro.Service.Runner.exe, 00000009.00000002.3371363933.0000022A612F2000.00000002.00000001.01000000.0000002D.sdmp
Source: Binary string: \??\C:\Windows\symbols\dll\System.ServiceModel.Internals.pdb source: Syncro.App.Runner.exe, 00000015.00000002.3411155020.000002077304F000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Projects\serilog-sinks-rollbar\src\Serilog.Sinks.RollbarCom\obj\Release\net452\Serilog.Sinks.RollbarCom.pdbSHA256 source: Syncro.Overmind.Service.exe, 0000000E.00000002.2473696770.000001721ECB0000.00000004.08000000.00040000.00000000.sdmp
Source: Binary string: c:\projects\rollbarsharp\src\RollbarSharp\obj\Release\RollbarSharp.pdb source: Syncro.App.Runner.exe, 0000000D.00000002.2915268034.0000021356872000.00000002.00000001.01000000.0000001D.sdmp
Source: Binary string: C:\custombuilds\syncro\prod\master\repairtech-tools\RepairTech.Common.Tools\obj\Release\RepairTech.Common.Tools.pdb source: Syncro.Installer.exe, 00000002.00000002.2321024872.0000021C74BA0000.00000004.08000000.00040000.00000000.sdmp, Syncro.App.Runner.exe, 0000000D.00000002.2912047016.0000021356632000.00000002.00000001.01000000.00000018.sdmp
Source: Binary string: C:\projects\topshelf\src\Topshelf\obj\Release\net452\Topshelf.pdbSHA256 source: SyncroLive.Service.Runner.exe, 0000001C.00000002.3600010389.00000238546D2000.00000002.00000001.01000000.0000004F.sdmp
Source: Binary string: C:\custombuilds\syncro\prod\master\Syncro.Service.Interfaces\obj\Release\net462\Syncro.Service.Interfaces.pdbSHA256 source: Syncro.Installer.exe, 00000002.00000002.2309646185.0000021C0041A000.00000004.00000800.00020000.00000000.sdmp, Syncro.Installer.exe, 00000002.00000002.2309646185.0000021C00433000.00000004.00000800.00020000.00000000.sdmp, Syncro.Installer.exe, 00000002.00000002.2309646185.0000021C00447000.00000004.00000800.00020000.00000000.sdmp, Syncro.Installer.exe, 00000002.00000002.2326226013.0000021C75CA0000.00000004.08000000.00040000.00000000.sdmp
Source: Binary string: [indoC:\Windows\mscorlib.pdb source: SyncroLive.Agent.Runner.exe, 0000001D.00000002.3570752750.0000005BFC9EE000.00000004.00000010.00020000.00000000.sdmp
Source: Binary string: mscorlib.pdb source: SyncroLive.Agent.Runner.exe, 0000001D.00000002.3570752750.0000005BFC9EE000.00000004.00000010.00020000.00000000.sdmp
Source: Binary string: c:\DeveloperTooling_Agent13\_work\103\s\Core\Data\obj\Release45\Telerik.Windows.Data.pdb source: Syncro.Installer.exe, 00000002.00000002.2309646185.0000021C0026E000.00000004.00000800.00020000.00000000.sdmp, Syncro.Overmind.Service.exe, 00000011.00000002.3707462292.0000023C1F245000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: C:\custombuilds\syncro\prod\master\Syncro.Service.Models\obj\Release\net462\Syncro.Service.Models.pdbSHA256 source: Syncro.Service.Runner.exe, 00000009.00000002.3473911585.0000022A79CE2000.00000002.00000001.01000000.00000031.sdmp
Source: Binary string: C:\Users\dahall\Documents\Visual Studio 2010\Projects\TaskService\obj\Release\Microsoft.Win32.TaskScheduler.pdb source: Syncro.Service.Runner.exe, 00000009.00000002.3482920323.0000022A79FF2000.00000002.00000001.01000000.00000037.sdmp
Source: Binary string: C:\projects\topshelf\src\Topshelf.Serilog\obj\Release\net452\Topshelf.Serilog.pdbSHA256 source: Syncro.Overmind.Service.exe, 0000000E.00000002.2464315427.000001720664B000.00000004.00000800.00020000.00000000.sdmp, Syncro.Overmind.Service.exe, 0000000E.00000002.2473741875.000001721ED80000.00000004.08000000.00040000.00000000.sdmp, Syncro.Overmind.Service.exe, 0000000E.00000002.2464315427.0000017206614000.00000004.00000800.00020000.00000000.sdmp, Syncro.Overmind.Service.exe, 0000000E.00000002.2464315427.0000017206661000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.pdb source: Syncro.App.Runner.exe, 00000015.00000002.3401926582.0000020770B98000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: [C:\Windows\Microsoft.Net\assembly\GAC_64\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.pdbxo) source: SyncroLive.Agent.Runner.exe, 0000001D.00000002.3570752750.0000005BFC9EE000.00000004.00000010.00020000.00000000.sdmp
Source: Binary string: C:\projects\attributed\src\Destructurama.Attributed\obj\Release\netstandard1.1\Destructurama.Attributed.pdb source: Syncro.Installer.exe, 00000002.00000002.2320838041.0000021C74B60000.00000004.08000000.00040000.00000000.sdmp, Syncro.App.Runner.exe, 0000000D.00000002.2910488672.0000021356552000.00000002.00000001.01000000.00000013.sdmp
Source: Binary string: C:\TeamCity\buildAgent\work\5410ab877c27fda6\repairtech-tools\RepairTech.Common.Tools\obj\Release\RepairTech.Common.Tools.pdbV source: SyncroLive.Service.Runner.exe, 0000001C.00000002.3588941982.0000023854572000.00000002.00000001.01000000.00000047.sdmp
Source: Binary string: C:\projects\serilog-sinks-console\src\Serilog.Sinks.Console\obj\Release\net45\Serilog.Sinks.Console.pdbP source: Syncro.Installer.exe, 00000002.00000002.2321907299.0000021C75430000.00000004.08000000.00040000.00000000.sdmp, Syncro.App.Runner.exe, 0000000D.00000002.2915420583.0000021356882000.00000002.00000001.01000000.0000001E.sdmp
Source: Binary string: c:\projects\rollbarsharp\src\RollbarSharp\obj\Release\RollbarSharp.pdbp source: Syncro.App.Runner.exe, 0000000D.00000002.2915268034.0000021356872000.00000002.00000001.01000000.0000001D.sdmp
Source: Binary string: \??\C:\Windows\dll\System.pdbn source: Syncro.App.Runner.exe, 00000015.00000002.3411155020.0000020773017000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\custombuilds\syncro\prod\master\repairtech-tools\RepairTech.Common.Wpf\obj\Release\net462\RepairTech.Common.Wpf.pdbSHA256 source: Syncro.App.Runner.exe, 0000000D.00000002.2920973719.00000213583C2000.00000002.00000001.01000000.00000023.sdmp
Source: Binary string: /_/src/Serilog/obj/Release/net46/Serilog.pdbSHA256d source: Syncro.Overmind.Service.exe, 0000000E.00000002.2463966937.0000017206510000.00000004.08000000.00040000.00000000.sdmp
Source: Binary string: System.ServiceModel.Internals.pdb source: Syncro.App.Runner.exe, 00000015.00000002.3411155020.0000020773017000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\TeamCity\buildAgent\work\5410ab877c27fda6\KabutoLive.Interface\obj\Release\SyncroLive.Interface.pdb source: SyncroLive.Service.Runner.exe, 0000001C.00000002.3586844408.00000238544E2000.00000002.00000001.01000000.00000041.sdmp
Source: Binary string: System.pdbN|2h|2 Z|2_CorDllMainmscoree.dll source: Syncro.App.Runner.exe, 00000015.00000002.3411155020.0000020772FD0000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\garre\Documents\Visual Studio 2015\Projects\metroframework\MetroFramework\obj\Debug\MetroFramework.pdb<r source: Syncro.Installer.exe, 00000002.00000002.2320422475.0000021C74AE0000.00000004.08000000.00040000.00000000.sdmp, Syncro.Installer.exe, 00000002.00000002.2316441248.0000021C100F2000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 0000000D.00000002.2919496731.0000021356F92000.00000002.00000001.01000000.00000022.sdmp
Source: Binary string: /_/src/Serilog/obj/Release/net46/Serilog.pdb source: Syncro.Overmind.Service.exe, 0000000E.00000002.2463966937.0000017206510000.00000004.08000000.00040000.00000000.sdmp
Source: Binary string: \??\C:\Windows\dll\System.ServiceModel.Internals.pdbu source: Syncro.App.Runner.exe, 00000015.00000002.3411155020.000002077304F000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: symbols\dll\mscorlib.pdbpdb) source: SyncroLive.Agent.Runner.exe, 0000001D.00000002.3570752750.0000005BFC9EE000.00000004.00000010.00020000.00000000.sdmp
Source: Binary string: C:\TeamCity\buildAgent\work\5445af565e77c952\servicing\Syncro.Common\obj\Release\net462\Syncro.Common.pdb source: Syncro.Overmind.Service.exe, 0000000E.00000002.2463371105.0000017206490000.00000004.08000000.00040000.00000000.sdmp
Source: Binary string: C:\TeamCity\buildAgent\work\5410ab877c27fda6\repairtech-tools\Squirrel.Windows\vendor\nuget\src\Core\obj\Release\NuGet.Squirrel.pdb source: SyncroLive.Service.Runner.exe, 0000001C.00000002.3723346956.000002386D032000.00000002.00000001.01000000.00000051.sdmp
Source: Binary string: mscorlib.pdbcorlib.pdbpdblib.pdbC_64\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.pdb source: SyncroLive.Agent.Runner.exe, 0000001D.00000002.3570752750.0000005BFC9EE000.00000004.00000010.00020000.00000000.sdmp
Source: Binary string: C:\TeamCity\buildAgent\work\5410ab877c27fda6\repairtech-tools\RepairTech.Common.Tools\obj\Release\RepairTech.Common.Tools.pdb source: SyncroLive.Service.Runner.exe, 0000001C.00000002.3588941982.0000023854572000.00000002.00000001.01000000.00000047.sdmp
Source: Binary string: C:\custombuilds\syncro\prod\master\external\filepusher\FilePusher\obj\Release\FilePusher.pdb16K6 =6_CorExeMainmscoree.dll source: Syncro.Installer.exe, 00000002.00000002.2324699686.0000021C75AE0000.00000004.08000000.00040000.00000000.sdmp, Syncro.Service.Runner.exe, 00000009.00000002.3474168240.0000022A79D42000.00000002.00000001.01000000.00000033.sdmp
Source: Binary string: C:\custombuilds\syncro\prod\master\Kabuto.Contracts\obj\Release\Syncro.Contracts.pdb source: Syncro.Installer.exe, 00000002.00000002.2320882524.0000021C74B70000.00000004.08000000.00040000.00000000.sdmp, Syncro.App.Runner.exe, 0000000D.00000002.2914720136.00000213567B2000.00000002.00000001.01000000.0000001A.sdmp
Source: Binary string: Z:\TeamCityAgent\work\ca2a746ef7596f45\FluentCommandLineParser\obj\Release\FluentCommandLineParser.pdb source: Syncro.Installer.exe, 00000002.00000002.2321418166.0000021C74C40000.00000004.08000000.00040000.00000000.sdmp, Syncro.App.Runner.exe, 0000000D.00000002.2915565224.00000213568B2000.00000002.00000001.01000000.0000001F.sdmp
Source: Binary string: C:\Progr.pdb source: SyncroLive.Agent.Runner.exe, 0000001D.00000002.3570752750.0000005BFC9EE000.00000004.00000010.00020000.00000000.sdmp
Source: Binary string: C:\projects\topshelf\src\Topshelf\obj\Release\net452\Topshelf.pdbSHA256\ source: Syncro.Overmind.Service.exe, 0000000E.00000002.2472463445.000001721EC30000.00000004.08000000.00040000.00000000.sdmp, Syncro.Overmind.Service.exe, 0000000E.00000002.2467329958.0000017216854000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: D:\dev\github\UrlCombine\UrlCombineLib\obj\Debug\net40\UrlCombineLib.pdb source: Syncro.Installer.exe, 00000002.00000002.2309646185.0000021C0026E000.00000004.00000800.00020000.00000000.sdmp, Syncro.Installer.exe, 00000002.00000002.2323567092.0000021C756C0000.00000004.08000000.00040000.00000000.sdmp, Syncro.Installer.exe, 00000002.00000002.2309646185.0000021C002E9000.00000004.00000800.00020000.00000000.sdmp, Syncro.Service.Runner.exe, 00000009.00000002.3495322136.0000022A7A872000.00000002.00000001.01000000.0000003E.sdmp, Syncro.Overmind.Service.exe, 00000011.00000002.3594084272.0000023C0F7E9000.00000004.00000800.00020000.00000000.sdmp, Syncro.Overmind.Service.exe, 00000011.00000002.3594084272.0000023C0F7FD000.00000004.00000800.00020000.00000000.sdmp, Syncro.Overmind.Service.exe, 00000011.00000002.3594084272.0000023C0F7CD000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: z:\Builds\work\23f7f5f0221f789c\FluentCommandLineParser\obj\release\FluentCommandLineParser.pdb source: SyncroLive.Service.Runner.exe, 0000001C.00000002.3599319605.00000238546B2000.00000002.00000001.01000000.0000004E.sdmp
Source: Binary string: C:\custombuilds\syncro\prod\master\repairtech-tools\RepairTech.Common.Tools\obj\Release\RepairTech.Common.Tools.pdbl source: Syncro.App.Runner.exe, 0000000D.00000002.2912047016.0000021356632000.00000002.00000001.01000000.00000018.sdmp
Source: Binary string: C:\TeamCity\buildAgent\work\5445af565e77c952\servicing\Syncro.Common\obj\Release\net462\Syncro.Common.pdbSHA256 source: Syncro.Overmind.Service.exe, 0000000E.00000002.2463371105.0000017206490000.00000004.08000000.00040000.00000000.sdmp
Source: Binary string: C:\TeamCity\buildAgent\work\5410ab877c27fda6\repairtech-tools\Squirrel.Windows\src\Squirrel\obj\Release\Squirrel.pdb source: SyncroLive.Service.Runner.exe, 0000001C.00000002.3594248962.0000023854622000.00000002.00000001.01000000.0000004B.sdmp
Source: Binary string: C:\custombuilds\syncro\prod\master\Kabuto.Tools\obj\Release\Syncro.Tools.pdb source: Syncro.Installer.exe, 00000002.00000002.2320738683.0000021C74B40000.00000004.08000000.00040000.00000000.sdmp, Syncro.App.Runner.exe, 0000000D.00000002.2914955107.00000213567D2000.00000002.00000001.01000000.0000001B.sdmp
Source: Binary string: C:\projects\topshelf\src\Topshelf.Serilog\obj\Release\net452\Topshelf.Serilog.pdb source: Syncro.Overmind.Service.exe, 0000000E.00000002.2464315427.000001720664B000.00000004.00000800.00020000.00000000.sdmp, Syncro.Overmind.Service.exe, 0000000E.00000002.2473741875.000001721ED80000.00000004.08000000.00040000.00000000.sdmp, Syncro.Overmind.Service.exe, 0000000E.00000002.2464315427.0000017206614000.00000004.00000800.00020000.00000000.sdmp, Syncro.Overmind.Service.exe, 0000000E.00000002.2464315427.0000017206661000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: C:\custombuilds\syncro\prod\master\Installer\obj\Release\Installer.pdbSHA256 source: INVOICE31401001340.exe, 00000000.00000000.2120038499.0000000000672000.00000002.00000001.01000000.00000003.sdmp
Source: Binary string: C:\Projects\serilog-sinks-rollbar\src\Serilog.Sinks.RollbarCom\obj\Release\net452\Serilog.Sinks.RollbarCom.pdb source: Syncro.Overmind.Service.exe, 0000000E.00000002.2473696770.000001721ECB0000.00000004.08000000.00040000.00000000.sdmp
Source: Binary string: C:\projects\flurl\src\Flurl\obj\Release\net461\Flurl.pdbSHA256 source: Syncro.Installer.exe, 00000002.00000002.2309646185.0000021C00447000.00000004.00000800.00020000.00000000.sdmp, Syncro.Installer.exe, 00000002.00000002.2309646185.0000021C0048A000.00000004.00000800.00020000.00000000.sdmp, Syncro.Installer.exe, 00000002.00000002.2326708476.0000021C770F0000.00000004.08000000.00040000.00000000.sdmp, Syncro.Service.Runner.exe, 00000009.00000002.3494544518.0000022A7A682000.00000002.00000001.01000000.0000003D.sdmp
Source: Binary string: z:\Builds\work\23f7f5f0221f789c\FluentCommandLineParser\obj\release\FluentCommandLineParser.pdbp source: SyncroLive.Service.Runner.exe, 0000001C.00000002.3599319605.00000238546B2000.00000002.00000001.01000000.0000004E.sdmp
Source: Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.pdb source: Syncro.App.Runner.exe, 00000015.00000002.3419276773.0000020773624000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\A\_work\156\s\corefx\bin\obj\AnyOS.AnyCPU.Release\System.Threading.Tasks.Extensions\netfx\System.Threading.Tasks.Extensions.pdb source: Syncro.Service.Runner.exe, 00000009.00000002.3371599333.0000022A61302000.00000002.00000001.01000000.0000002E.sdmp
Source: Binary string: C:\custombuilds\syncro\prod\master\Kabuto.App\obj\Release\Syncro.App.pdb1 source: Syncro.App.Runner.exe, 0000000D.00000002.2911244289.00000213565C2000.00000002.00000001.01000000.00000017.sdmp
Source: Binary string: C:\custombuilds\syncro\prod\master\Installer\obj\Release\Installer.pdb source: INVOICE31401001340.exe, 00000000.00000000.2120038499.0000000000672000.00000002.00000001.01000000.00000003.sdmp
Source: Binary string: C:\custombuilds\syncro\prod\master\Kabuto.Service.Runner\obj\Release\Syncro.Service.Runner.pdb source: INVOICE31401001340.exe
Source: Binary string: /_/Src/Newtonsoft.Json/obj/Release/net45/Newtonsoft.Json.pdbSHA256 source: Syncro.Installer.exe, 00000002.00000002.2309646185.0000021C0010A000.00000004.00000800.00020000.00000000.sdmp, Syncro.Installer.exe, 00000002.00000002.2316441248.0000021C10001000.00000004.00000800.00020000.00000000.sdmp, Syncro.Installer.exe, 00000002.00000002.2323006385.0000021C755C0000.00000004.08000000.00040000.00000000.sdmp, Syncro.App.Runner.exe, 0000000D.00000002.2915904761.0000021356952000.00000002.00000001.01000000.00000020.sdmp, Syncro.Overmind.Service.exe, 0000000E.00000002.2467329958.0000017216854000.00000004.00000800.00020000.00000000.sdmp, Syncro.Overmind.Service.exe, 0000000E.00000002.2467329958.00000172165C9000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: /_/Src/Newtonsoft.Json/obj/Release/net45/Newtonsoft.Json.pdb source: Syncro.Installer.exe, 00000002.00000002.2309646185.0000021C0010A000.00000004.00000800.00020000.00000000.sdmp, Syncro.Installer.exe, 00000002.00000002.2316441248.0000021C10001000.00000004.00000800.00020000.00000000.sdmp, Syncro.Installer.exe, 00000002.00000002.2323006385.0000021C755C0000.00000004.08000000.00040000.00000000.sdmp, Syncro.App.Runner.exe, 0000000D.00000002.2915904761.0000021356952000.00000002.00000001.01000000.00000020.sdmp, Syncro.Overmind.Service.exe, 0000000E.00000002.2467329958.0000017216854000.00000004.00000800.00020000.00000000.sdmp, Syncro.Overmind.Service.exe, 0000000E.00000002.2467329958.00000172165C9000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: C:\projects\serilog\src\Serilog\obj\Release\net46\Serilog.pdb source: Syncro.Installer.exe, 00000002.00000002.2320267973.0000021C73310000.00000004.08000000.00040000.00000000.sdmp, Syncro.App.Runner.exe, 0000000D.00000002.2910958420.0000021356582000.00000002.00000001.01000000.00000016.sdmp, SyncroLive.Service.Runner.exe, 0000001C.00000002.3597764051.0000023854662000.00000002.00000001.01000000.0000004C.sdmp
Source: Binary string: C:\Sources\CSharpFunctionalExtensions\CSharpFunctionalExtensions\obj\Debug\net461\CSharpFunctionalExtensions.pdb source: Syncro.Installer.exe, 00000002.00000002.2320142547.0000021C732F0000.00000004.08000000.00040000.00000000.sdmp, Syncro.Service.Runner.exe, 00000009.00000002.3481695293.0000022A79F52000.00000002.00000001.01000000.00000034.sdmp
Source: Binary string: C:\projects\flurl\src\Flurl.Http\obj\Release\net461\Flurl.Http.pdbSHA256 source: Syncro.Installer.exe, 00000002.00000002.2322783144.0000021C75550000.00000004.08000000.00040000.00000000.sdmp, Syncro.App.Runner.exe, 0000000D.00000002.2914410699.0000021356792000.00000002.00000001.01000000.00000019.sdmp
Source: Binary string: C:\projects\flurl\src\Flurl.Http\obj\Release\net461\Flurl.Http.pdb source: Syncro.Installer.exe, 00000002.00000002.2322783144.0000021C75550000.00000004.08000000.00040000.00000000.sdmp, Syncro.App.Runner.exe, 0000000D.00000002.2914410699.0000021356792000.00000002.00000001.01000000.00000019.sdmp
Source: Binary string: C:\projects\serilog-sinks-literate\src\Serilog.Sinks.Literate\obj\Release\net45\Serilog.Sinks.Literate.pdb source: Syncro.Installer.exe, 00000002.00000002.2321396565.0000021C74C30000.00000004.08000000.00040000.00000000.sdmp, Syncro.App.Runner.exe, 0000000D.00000002.2915178522.00000213567F2000.00000002.00000001.01000000.0000001C.sdmp
Source: Binary string: C:\dev\github\Rollbar\Rollbar.NET\Rollbar\obj\Release\net462\Rollbar.pdbSHA2567 source: Syncro.Overmind.Service.exe, 0000000E.00000002.2472945190.000001721EC70000.00000004.08000000.00040000.00000000.sdmp, Syncro.Overmind.Service.exe, 0000000E.00000002.2467329958.0000017216593000.00000004.00000800.00020000.00000000.sdmp, Syncro.Overmind.Service.exe, 0000000E.00000002.2467329958.00000172165C9000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: C:\projects\topshelf\src\Topshelf\obj\Release\net452\Topshelf.pdb source: Syncro.Overmind.Service.exe, 0000000E.00000002.2472463445.000001721EC30000.00000004.08000000.00040000.00000000.sdmp, Syncro.Overmind.Service.exe, 0000000E.00000002.2467329958.0000017216854000.00000004.00000800.00020000.00000000.sdmp, SyncroLive.Service.Runner.exe, 0000001C.00000002.3600010389.00000238546D2000.00000002.00000001.01000000.0000004F.sdmp
Source: Binary string: C:\custombuilds\syncro\prod\master\repairtech-tools\Squirrel.Windows\src\Squirrel\obj\Release\Squirrel.pdb source: Syncro.Service.Runner.exe, 00000009.00000002.3484993397.0000022A7A302000.00000002.00000001.01000000.0000003A.sdmp
Source: Binary string: C:\TeamCity\buildAgent\work\5410ab877c27fda6\inputsimulator\WindowsInput\obj\Release\SyncroLive.WindowsInput.pdb source: SyncroLive.Service.Runner.exe, 0000001C.00000002.3722646924.000002386D012000.00000002.00000001.01000000.00000050.sdmp
Source: Binary string: C:\custombuilds\syncro\prod\master\Kabuto.Service\obj\Release\Syncro.Service.pdb] source: Syncro.Service.Runner.exe, 00000009.00000002.3474168240.0000022A79D42000.00000002.00000001.01000000.00000033.sdmp
Source: Binary string: C:\custombuilds\syncro\prod\master\bin\Release\Squirrel\Update.exe.pdbD source: INVOICE31401001340.exe, 00000000.00000002.2353079397.0000000013189000.00000004.00000800.00020000.00000000.sdmp, INVOICE31401001340.exe, 00000000.00000000.2120038499.0000000000672000.00000002.00000001.01000000.00000003.sdmp, Syncro.Installer.exe, 00000002.00000000.2130594520.0000021C72832000.00000002.00000001.01000000.00000006.sdmp
Source: Binary string: System.pdb source: Syncro.App.Runner.exe, 00000015.00000002.3411155020.0000020772FD0000.00000004.00000020.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000015.00000002.3419276773.000002077362D000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\custombuilds\syncro\prod\master\Kabuto.Service\obj\Release\Syncro.Service.pdb source: Syncro.Installer.exe, 00000002.00000002.2324699686.0000021C75AE0000.00000004.08000000.00040000.00000000.sdmp, Syncro.Service.Runner.exe, 00000009.00000002.3474168240.0000022A79D42000.00000002.00000001.01000000.00000033.sdmp
Source: Binary string: C:\dev\github\Rollbar\Rollbar.NET\Rollbar\obj\Release\net462\Rollbar.pdb source: Syncro.Overmind.Service.exe, 0000000E.00000002.2472945190.000001721EC70000.00000004.08000000.00040000.00000000.sdmp, Syncro.Overmind.Service.exe, 0000000E.00000002.2467329958.0000017216593000.00000004.00000800.00020000.00000000.sdmp, Syncro.Overmind.Service.exe, 0000000E.00000002.2467329958.00000172165C9000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: C:\custombuilds\syncro\prod\master\Syncro.Service.Services\obj\Release\net462\Syncro.Service.Services.pdbSHA256 source: Syncro.Installer.exe, 00000002.00000002.2309646185.0000021C0041A000.00000004.00000800.00020000.00000000.sdmp, Syncro.Installer.exe, 00000002.00000002.2309646185.0000021C00404000.00000004.00000800.00020000.00000000.sdmp, Syncro.Installer.exe, 00000002.00000002.2309646185.0000021C003E9000.00000004.00000800.00020000.00000000.sdmp, Syncro.Installer.exe, 00000002.00000002.2326198935.0000021C75C90000.00000004.08000000.00040000.00000000.sdmp
Source: Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.ServiceModel.Internals\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Internals.pdb source: Syncro.App.Runner.exe, 00000015.00000002.3411155020.000002077304F000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\custombuilds\syncro\prod\master\bin\Release\Squirrel\Update.exe.pdb source: INVOICE31401001340.exe, 00000000.00000002.2353079397.0000000013189000.00000004.00000800.00020000.00000000.sdmp, INVOICE31401001340.exe, 00000000.00000000.2120038499.0000000000672000.00000002.00000001.01000000.00000003.sdmp, Syncro.Installer.exe, 00000002.00000000.2130594520.0000021C72832000.00000002.00000001.01000000.00000006.sdmp
Source: Binary string: C:\Users\dahall\Documents\Visual Studio 2010\Projects\TaskService\obj\Release\Microsoft.Win32.TaskScheduler.pdb source: Syncro.Service.Runner.exe, 00000009.00000002.3482920323.0000022A79FF2000.00000002.00000001.01000000.00000037.sdmp
Source: Binary string: C:\projects\restsharp\RestSharp\obj\Release\net452\RestSharp.pdb source: Syncro.Service.Runner.exe, 00000009.00000002.3483896621.0000022A7A282000.00000002.00000001.01000000.00000038.sdmp
Source: Binary string: \??\C:\Windows\dll\System.pdb source: Syncro.App.Runner.exe, 00000015.00000002.3411155020.0000020773017000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\TeamCity\buildAgent\work\5410ab877c27fda6\repairtech-tools\Squirrel.Windows\src\Runner\obj\Release\Runner.pdb source: SyncroLive.Service.Runner.exe, 0000001C.00000000.3271704115.0000023853BE2000.00000002.00000001.01000000.00000024.sdmp
Source: Binary string: C:\custombuilds\syncro\prod\master\Kabuto.App.Runner\obj\Release\Syncro.App.Runner.pdb source: INVOICE31401001340.exe, Syncro.App.Runner.exe0.2.dr
Source: Binary string: C:\projects\serilog-sinks-file\src\Serilog.Sinks.File\obj\Release\net45\Serilog.Sinks.File.pdbw{ source: Syncro.Installer.exe, 00000002.00000002.2321337716.0000021C74C00000.00000004.08000000.00040000.00000000.sdmp, Syncro.App.Runner.exe, 0000000D.00000002.2910585414.0000021356562000.00000002.00000001.01000000.00000014.sdmp
Source: Binary string: C:\custombuilds\syncro\prod\master\repairtech-tools\RepairTech.Common.Tools\obj\Release\RepairTech.Common.Tools.pdb source: Syncro.Installer.exe, 00000002.00000002.2321024872.0000021C74BA0000.00000004.08000000.00040000.00000000.sdmp
Source: Binary string: /_/src/Flurl.Http/obj/Release/net461/Flurl.Http.pdbSHA256 source: Syncro.Overmind.Service.exe, 0000000E.00000002.2464154751.0000017206540000.00000004.08000000.00040000.00000000.sdmp
Source: Binary string: C:\custombuilds\syncro\prod\master\Syncro.Service.Interfaces\obj\Release\net462\Syncro.Service.Interfaces.pdbSHA256Aw source: Syncro.Service.Runner.exe, 00000009.00000002.3371865466.0000022A61312000.00000002.00000001.01000000.0000002F.sdmp
Source: Binary string: C:\projects\serilog-sinks-file\src\Serilog.Sinks.File\obj\Release\net45\Serilog.Sinks.File.pdb source: Syncro.Installer.exe, 00000002.00000002.2321337716.0000021C74C00000.00000004.08000000.00040000.00000000.sdmp, Syncro.App.Runner.exe, 0000000D.00000002.2910585414.0000021356562000.00000002.00000001.01000000.00000014.sdmp, Syncro.Overmind.Service.exe, 0000000E.00000002.2472791182.000001721EC60000.00000004.08000000.00040000.00000000.sdmp
Source: Binary string: C:\custombuilds\syncro\prod\master\repairtech-tools\3rdparty\PhoenixSharp\Phoenix\obj\Release\net45\Phoenix.pdb source: Syncro.Service.Runner.exe, 00000009.00000002.3482482309.0000022A79FC2000.00000002.00000001.01000000.00000035.sdmp
Source: Binary string: C:\custombuilds\syncro\prod\master\Kabuto.App\obj\Release\Syncro.App.pdb source: Syncro.App.Runner.exe, 0000000D.00000002.2911244289.00000213565C2000.00000002.00000001.01000000.00000017.sdmp
Source: Binary string: C:\projects\serilog-sinks-console\src\Serilog.Sinks.Console\obj\Release\net45\Serilog.Sinks.Console.pdb source: Syncro.Installer.exe, 00000002.00000002.2321907299.0000021C75430000.00000004.08000000.00040000.00000000.sdmp, Syncro.App.Runner.exe, 0000000D.00000002.2915420583.0000021356882000.00000002.00000001.01000000.0000001E.sdmp
Source: Binary string: \??\C:\Windows\System.pdbr source: Syncro.App.Runner.exe, 00000015.00000002.3411155020.000002077304F000.00000004.00000020.00020000.00000000.sdmp
Creates COM task schedule object (often to register a task for autostart)
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}\InprocServer32 Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}\InprocServer32 Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD} Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32 Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32 Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD} Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32 Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32 Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer32 Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD} Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\Elevation Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD} Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe File opened: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\7za-x64.dll Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe File opened: C:\Program Files\RepairTech\Syncro Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe File opened: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\NULL Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe File opened: C:\Program Files\RepairTech\NULL Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe File opened: C:\Program Files\RepairTech\Syncro\NULL Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe File opened: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910 Jump to behavior
Found inlined nop instructions (likely shell or obfuscated code)
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Code function: 4x nop then jmp 00007FFD34B37170h 2_2_00007FFD34B36ECA
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Code function: 4x nop then jmp 00007FFD350AB069h 9_2_00007FFD350AADE1
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Code function: 4x nop then jmp 00007FFD350AB069h 9_2_00007FFD350AB016
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Code function: 4x nop then dec eax 18_2_00007FFD34B73DAF
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Code function: 4x nop then dec eax 20_2_00007FFD34BA3C7D

Networking
barindex
Yara detected Generic Downloader
Source: Yara match File source: INVOICE31401001340.exe, type: SAMPLE
Source: Yara match File source: 2.0.Syncro.Installer.exe.21c728695f4.1.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 0.0.INVOICE31401001340.exe.6bb4e0.1.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 0.0.INVOICE31401001340.exe.683cec.2.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 0.0.INVOICE31401001340.exe.6b304c.3.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 0.2.INVOICE31401001340.exe.131c12b4.2.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 2.0.Syncro.Installer.exe.21c72861160.3.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 2.0.Syncro.Installer.exe.21c72830000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 0.0.INVOICE31401001340.exe.670000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 0.2.INVOICE31401001340.exe.131b8e20.3.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 0.2.INVOICE31401001340.exe.13189ac0.1.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 2.0.Syncro.Installer.exe.21c72872c88.2.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: C:\Program Files\RepairTech\Syncro\Update.exe, type: DROPPED
Source: Yara match File source: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\Telerik.Windows.Controls.dll, type: DROPPED
Source: Yara match File source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe, type: DROPPED
Source: Yara match File source: C:\Program Files\RepairTech\LiveAgent\app-0.0.66.14351~f7fcc35a2d1947f693e0732f444c406e\System.Management.Automation.dll, type: DROPPED
Source: Yara match File source: C:\Program Files\RepairTech\LiveAgent\app-0.0.66.14351~f7fcc35a2d1947f693e0732f444c406e\System.Management.Automation.dll, type: DROPPED
Source: Yara match File source: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\Telerik.Windows.Controls.dll, type: DROPPED
HTTP GET or POST without a user agent
Source: global traffic HTTP traffic detected: GET /device_api/auth/?shop_api_key=2prOdS61b-sQSAp6i_WVtA&installer_version=1.0.180 HTTP/1.1Accept: application/jsonHost: rmm.syncromsp.comAccept-Encoding: gzip, deflateConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /syncro/main/updates/RELEASES HTTP/1.1Host: production.kabutoservices.comAccept-Encoding: gzip, deflateConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /syncro/main/updates/Syncro-1.0.181.14910-full.nupkg HTTP/1.1Host: production.kabutoservices.comAccept-Encoding: gzip, deflate
Source: global traffic HTTP traffic detected: GET /api/syncro_device/installers/policy_id.json?customer_id=1375393&folder_id=3758119 HTTP/1.1Host: admin.syncroapi.comAccept-Encoding: gzip, deflateConnection: Keep-Alive
Source: global traffic HTTP traffic detected: POST /device_api/device HTTP/1.1Content-Type: application/json; charset=UTF-8Host: rmm.syncromsp.comContent-Length: 3895Expect: 100-continueAccept-Encoding: gzip, deflateConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET //device_api/sync_device?device_uuid=08bc108c-6328-49e2-9e11-d1871af9471c HTTP/1.1Content-Type: application/jsonHost: rmm.syncromsp.comAccept-Encoding: gzip, deflate
Source: global traffic HTTP traffic detected: POST /device_api/metric HTTP/1.1Content-Type: application/json; charset=UTF-8Host: rmm.syncromsp.comContent-Length: 136Expect: 100-continueAccept-Encoding: gzip, deflateConnection: Keep-Alive
Source: global traffic HTTP traffic detected: POST /api/syncro_device/custom_fields/set_powershell_version HTTP/1.1Content-Type: application/json; charset=UTF-8Host: wlndows.syncroapi.comContent-Length: 71Expect: 100-continueAccept-Encoding: gzip, deflateConnection: Keep-Alive
Source: global traffic HTTP traffic detected: POST /device_api/clear_alert HTTP/1.1Content-Type: application/json; charset=UTF-8Host: rmm.syncromsp.comContent-Length: 80Expect: 100-continueAccept-Encoding: gzip, deflate
Source: global traffic HTTP traffic detected: POST /device_api/clear_alert HTTP/1.1Content-Type: application/json; charset=UTF-8Host: rmm.syncromsp.comContent-Length: 89Expect: 100-continueAccept-Encoding: gzip, deflate
Source: global traffic HTTP traffic detected: POST /device_api/clear_alert HTTP/1.1Content-Type: application/json; charset=UTF-8Host: rmm.syncromsp.comContent-Length: 88Expect: 100-continueAccept-Encoding: gzip, deflate
Source: global traffic HTTP traffic detected: POST /device_api/clear_alert HTTP/1.1Content-Type: application/json; charset=UTF-8Host: rmm.syncromsp.comContent-Length: 87Expect: 100-continueAccept-Encoding: gzip, deflate
Source: global traffic HTTP traffic detected: POST /device_api/alert HTTP/1.1Content-Type: application/json; charset=UTF-8Host: rmm.syncromsp.comContent-Length: 178Expect: 100-continueAccept-Encoding: gzip, deflate
Source: global traffic HTTP traffic detected: POST / HTTP/1.1Content-Type: application/json; charset=UTF-8Host: ld.aurelius.hostContent-Length: 18860Expect: 100-continueAccept-Encoding: gzip, deflateConnection: Keep-Alive
Source: global traffic HTTP traffic detected: POST / HTTP/1.1Content-Type: application/json; charset=UTF-8Host: ld.aurelius.hostContent-Length: 1464Expect: 100-continueAccept-Encoding: gzip, deflate
Source: global traffic HTTP traffic detected: POST /device_api/alert HTTP/1.1Content-Type: application/json; charset=UTF-8Host: rmm.syncromsp.comContent-Length: 178Expect: 100-continueAccept-Encoding: gzip, deflateConnection: Keep-Alive
Source: global traffic HTTP traffic detected: POST /api/syncro_device/custom_fields/set_powershell_version HTTP/1.1Content-Type: application/json; charset=UTF-8Host: wlndows.syncroapi.comCookie: __cflb=02DiuG4ZhRAH6d8F7qWVk1BZR6oHrfyhTcbjcmQt4TbLGContent-Length: 71Expect: 100-continueAccept-Encoding: gzip, deflateConnection: Keep-Alive
Source: global traffic HTTP traffic detected: POST /device_api/clear_alert HTTP/1.1Content-Type: application/json; charset=UTF-8Host: rmm.syncromsp.comContent-Length: 81Expect: 100-continueAccept-Encoding: gzip, deflateConnection: Keep-Alive
Source: global traffic HTTP traffic detected: POST /device_api/clear_alert HTTP/1.1Content-Type: application/json; charset=UTF-8Host: rmm.syncromsp.comContent-Length: 88Expect: 100-continueAccept-Encoding: gzip, deflate
Source: global traffic HTTP traffic detected: POST /device_api/clear_alert HTTP/1.1Content-Type: application/json; charset=UTF-8Host: rmm.syncromsp.comContent-Length: 90Expect: 100-continueAccept-Encoding: gzip, deflate
Source: global traffic HTTP traffic detected: POST /device_api/alert HTTP/1.1Content-Type: application/json; charset=UTF-8Host: rmm.syncromsp.comContent-Length: 178Expect: 100-continueAccept-Encoding: gzip, deflate
Source: global traffic HTTP traffic detected: POST / HTTP/1.1Content-Type: application/json; charset=UTF-8Host: ld.aurelius.hostContent-Length: 14780Expect: 100-continueAccept-Encoding: gzip, deflateConnection: Keep-Alive
Source: global traffic HTTP traffic detected: POST /api/syncro_device/custom_fields/set_powershell_version HTTP/1.1Content-Type: application/json; charset=UTF-8Host: wlndows.syncroapi.comCookie: __cflb=02DiuG4ZhRAH6d8F7qWVk1BZR6oHrfyhTcbjcmQt4TbLGContent-Length: 71Expect: 100-continueAccept-Encoding: gzip, deflateConnection: Keep-Alive
Source: global traffic HTTP traffic detected: POST /device_api/alert HTTP/1.1Content-Type: application/json; charset=UTF-8Host: rmm.syncromsp.comContent-Length: 178Accept-Encoding: gzip, deflate
Source: global traffic HTTP traffic detected: POST / HTTP/1.1Content-Type: application/json; charset=UTF-8Host: ld.aurelius.hostContent-Length: 10644Expect: 100-continueAccept-Encoding: gzip, deflateConnection: Keep-Alive
Source: global traffic HTTP traffic detected: POST /api/syncro_device/custom_fields/set_powershell_version HTTP/1.1Content-Type: application/json; charset=UTF-8Host: wlndows.syncroapi.comContent-Length: 71Expect: 100-continueAccept-Encoding: gzip, deflateConnection: Keep-Alive
Source: global traffic HTTP traffic detected: POST /device_api/alert HTTP/1.1Content-Type: application/json; charset=UTF-8Host: rmm.syncromsp.comContent-Length: 178Expect: 100-continueAccept-Encoding: gzip, deflateConnection: Keep-Alive
Source: global traffic HTTP traffic detected: POST / HTTP/1.1Content-Type: application/json; charset=UTF-8Host: ld.aurelius.hostContent-Length: 1372Expect: 100-continueAccept-Encoding: gzip, deflateConnection: Keep-Alive
Source: global traffic HTTP traffic detected: POST / HTTP/1.1Content-Type: application/json; charset=UTF-8Host: ld.aurelius.hostContent-Length: 1812Expect: 100-continueAccept-Encoding: gzip, deflate
Source: global traffic HTTP traffic detected: POST / HTTP/1.1Content-Type: application/json; charset=UTF-8Host: ld.aurelius.hostContent-Length: 11512Expect: 100-continueAccept-Encoding: gzip, deflate
Source: global traffic HTTP traffic detected: POST /api/syncro_device/custom_fields/set_powershell_version HTTP/1.1Content-Type: application/json; charset=UTF-8Host: wlndows.syncroapi.comContent-Length: 71Expect: 100-continueAccept-Encoding: gzip, deflateConnection: Keep-Alive
Source: global traffic HTTP traffic detected: POST /device_api/alert HTTP/1.1Content-Type: application/json; charset=UTF-8Host: rmm.syncromsp.comContent-Length: 178Expect: 100-continueAccept-Encoding: gzip, deflateConnection: Keep-Alive
Source: global traffic HTTP traffic detected: POST / HTTP/1.1Content-Type: application/json; charset=UTF-8Host: ld.aurelius.hostContent-Length: 2084Expect: 100-continueAccept-Encoding: gzip, deflateConnection: Keep-Alive
Source: global traffic HTTP traffic detected: POST / HTTP/1.1Content-Type: application/json; charset=UTF-8Host: ld.aurelius.hostContent-Length: 1472Expect: 100-continueAccept-Encoding: gzip, deflate
Source: global traffic HTTP traffic detected: POST / HTTP/1.1Content-Type: application/json; charset=UTF-8Host: ld.aurelius.hostContent-Length: 2212Expect: 100-continueAccept-Encoding: gzip, deflate
Source: global traffic HTTP traffic detected: POST / HTTP/1.1Content-Type: application/json; charset=UTF-8Host: ld.aurelius.hostContent-Length: 1704Expect: 100-continueAccept-Encoding: gzip, deflate
Source: global traffic HTTP traffic detected: POST / HTTP/1.1Content-Type: application/json; charset=UTF-8Host: ld.aurelius.hostContent-Length: 12120Expect: 100-continueAccept-Encoding: gzip, deflate
Source: global traffic HTTP traffic detected: GET /Route HTTP/1.1Cache-Control: no-cacheConnection: keep-alive, UpgradePragma: no-cacheUpgrade: websocketHost: traversal.syncromsp.comSec-WebSocket-Key: DgqjeDnf8k6g0PCPCPZf5Q==Sec-WebSocket-Version: 13
Source: global traffic HTTP traffic detected: GET /Route HTTP/1.1Cache-Control: no-cacheConnection: keep-alive, UpgradePragma: no-cacheUpgrade: websocketHost: traversal.syncromsp.comSec-WebSocket-Key: 4EPkgxOi0UOKMYGGlDiRqQ==Sec-WebSocket-Version: 13
Source: global traffic HTTP traffic detected: GET /Route HTTP/1.1Cache-Control: no-cacheConnection: keep-alive, UpgradePragma: no-cacheUpgrade: websocketHost: traversal.syncromsp.comSec-WebSocket-Key: Vc7K3QnUCUW3E8I6svVaLA==Sec-WebSocket-Version: 13
Source: global traffic HTTP traffic detected: POST /device_api/metric HTTP/1.1Content-Type: application/json; charset=UTF-8Host: rmm.syncromsp.comContent-Length: 136Expect: 100-continueAccept-Encoding: gzip, deflateConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /device_api/check_active?device_uuid=08bc108c-6328-49e2-9e11-d1871af9471c HTTP/1.1Host: rmm.syncromsp.comAccept-Encoding: gzip, deflate
Source: global traffic HTTP traffic detected: GET /device_api/sync_device?device_uuid=08bc108c-6328-49e2-9e11-d1871af9471c&api_version=1 HTTP/1.1Host: rmm.syncromsp.comAccept-Encoding: gzip, deflate
Source: global traffic HTTP traffic detected: POST /api/syncro_device/custom_fields/set_powershell_version HTTP/1.1Content-Type: application/json; charset=UTF-8Host: wlndows.syncroapi.comContent-Length: 71Expect: 100-continueAccept-Encoding: gzip, deflateConnection: Keep-Alive
Source: global traffic HTTP traffic detected: POST /device_api/alert HTTP/1.1Content-Type: application/json; charset=UTF-8Host: rmm.syncromsp.comContent-Length: 178Expect: 100-continueAccept-Encoding: gzip, deflate
Source: global traffic HTTP traffic detected: GET /Route HTTP/1.1Cache-Control: no-cacheConnection: keep-alive, UpgradePragma: no-cacheUpgrade: websocketHost: traversal.syncromsp.comSec-WebSocket-Key: 1NFrE0IZkkOUOuvZ8yXDtA==Sec-WebSocket-Version: 13
Source: global traffic HTTP traffic detected: POST / HTTP/1.1Content-Type: application/json; charset=UTF-8Host: ld.aurelius.hostContent-Length: 15396Expect: 100-continueAccept-Encoding: gzip, deflateConnection: Keep-Alive
Source: global traffic HTTP traffic detected: POST / HTTP/1.1Content-Type: application/json; charset=UTF-8Host: ld.aurelius.hostContent-Length: 1612Expect: 100-continueAccept-Encoding: gzip, deflate
Source: global traffic HTTP traffic detected: POST / HTTP/1.1Content-Type: application/json; charset=UTF-8Host: ld.aurelius.hostContent-Length: 644Expect: 100-continueAccept-Encoding: gzip, deflate
Source: global traffic HTTP traffic detected: POST / HTTP/1.1Content-Type: application/json; charset=UTF-8Host: ld.aurelius.hostContent-Length: 1336Expect: 100-continueAccept-Encoding: gzip, deflate
Source: global traffic HTTP traffic detected: POST / HTTP/1.1Content-Type: application/json; charset=UTF-8Host: ld.aurelius.hostContent-Length: 2300Expect: 100-continueAccept-Encoding: gzip, deflate
Source: global traffic HTTP traffic detected: POST / HTTP/1.1Content-Type: application/json; charset=UTF-8Host: ld.aurelius.hostContent-Length: 1040Expect: 100-continueAccept-Encoding: gzip, deflate
IP address seen in connection with other malware
Source: Joe Sandbox View IP Address: 52.40.78.72 52.40.78.72
Source: Joe Sandbox View IP Address: 3.222.92.158 3.222.92.158
Source: Joe Sandbox View IP Address: 54.84.28.205 54.84.28.205
JA3 SSL client fingerprint seen in connection with other malware
Source: Joe Sandbox View JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic HTTP traffic detected: GET /device_api/auth/?shop_api_key=2prOdS61b-sQSAp6i_WVtA&installer_version=1.0.180 HTTP/1.1Accept: application/jsonHost: rmm.syncromsp.comAccept-Encoding: gzip, deflateConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /syncro/main/updates/RELEASES HTTP/1.1Host: production.kabutoservices.comAccept-Encoding: gzip, deflateConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /syncro/main/updates/Syncro-1.0.181.14910-full.nupkg HTTP/1.1Host: production.kabutoservices.comAccept-Encoding: gzip, deflate
Source: global traffic HTTP traffic detected: GET /api/syncro_device/installers/policy_id.json?customer_id=1375393&folder_id=3758119 HTTP/1.1Host: admin.syncroapi.comAccept-Encoding: gzip, deflateConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET //device_api/sync_device?device_uuid=08bc108c-6328-49e2-9e11-d1871af9471c HTTP/1.1Content-Type: application/jsonHost: rmm.syncromsp.comAccept-Encoding: gzip, deflate
Source: global traffic HTTP traffic detected: GET /device_api/check_active?device_uuid=08bc108c-6328-49e2-9e11-d1871af9471c HTTP/1.1Accept: application/json, application/xml, text/json, text/x-json, text/javascript, text/xml, application/jsonUser-Agent: RestSharp/106.2.1.0Host: rmm.syncromsp.comAccept-Encoding: gzip, deflate
Source: global traffic HTTP traffic detected: GET /device_api/sync_device?device_uuid=08bc108c-6328-49e2-9e11-d1871af9471c&api_version=1 HTTP/1.1Accept: application/json, application/xml, text/json, text/x-json, text/javascript, text/xml, application/jsonUser-Agent: RestSharp/106.2.1.0Host: rmm.syncromsp.comAccept-Encoding: gzip, deflate
Source: global traffic HTTP traffic detected: GET /socket/websocket?token=08bc108c-6328-49e2-9e11-d1871af9471c HTTP/1.1User-Agent: websocket-sharp/1.0Host: realtime.kabutoservices.comUpgrade: websocketConnection: UpgradeSec-WebSocket-Key: FWSJYCwrmtNtbH4o2vDU/w==Sec-WebSocket-Version: 13
Source: global traffic HTTP traffic detected: GET /syncro/overmind/updates/releases HTTP/1.1User-Agent: Syncro/1.0.181 (08bc108c-6328-49e2-9e11-d1871af9471c)Host: production.kabutoservices.comAccept-Encoding: gzip, deflateConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /syncro/overmind/updates/Syncro.Overmind.Service-1.0.27.exe HTTP/1.1User-Agent: Syncro/1.0.181 (08bc108c-6328-49e2-9e11-d1871af9471c)Host: production.kabutoservices.comAccept-Encoding: gzip, deflate
Source: global traffic HTTP traffic detected: GET /syncro/main/updates/servicing.defaults.json HTTP/1.1User-Agent: Servicing/1.0.27 (08bc108c-6328-49e2-9e11-d1871af9471c) [4.8.4515.0;528372]Host: production.kabutoservices.comAccept-Encoding: gzip, deflateConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /socket/websocket?token=08bc108c-6328-49e2-9e11-d1871af9471c HTTP/1.1User-Agent: websocket-sharp/1.0Host: realtime.kabutoservices.comUpgrade: websocketConnection: UpgradeSec-WebSocket-Key: n1YxfdSlCYk0pG/XccJ+qQ==Sec-WebSocket-Version: 13
Source: global traffic HTTP traffic detected: GET /device_api/check_active?device_uuid=08bc108c-6328-49e2-9e11-d1871af9471c HTTP/1.1Accept: application/json, application/xml, text/json, text/x-json, text/javascript, text/xml, application/jsonUser-Agent: RestSharp/106.2.1.0Host: rmm.syncromsp.comAccept-Encoding: gzip, deflate
Source: global traffic HTTP traffic detected: GET /device_api/sync_device?device_uuid=08bc108c-6328-49e2-9e11-d1871af9471c&api_version=1 HTTP/1.1Accept: application/json, application/xml, text/json, text/x-json, text/javascript, text/xml, application/jsonUser-Agent: RestSharp/106.2.1.0Host: rmm.syncromsp.comAccept-Encoding: gzip, deflate
Source: global traffic HTTP traffic detected: GET /syncro/overmind/updates/releases HTTP/1.1User-Agent: Syncro/1.0.181 (08bc108c-6328-49e2-9e11-d1871af9471c)Host: production.kabutoservices.comAccept-Encoding: gzip, deflateConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /device_api/check_active?device_uuid=08bc108c-6328-49e2-9e11-d1871af9471c HTTP/1.1Accept: application/json, application/xml, text/json, text/x-json, text/javascript, text/xml, application/jsonUser-Agent: RestSharp/106.2.1.0Host: rmm.syncromsp.comAccept-Encoding: gzip, deflateConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /device_api/sync_device?device_uuid=08bc108c-6328-49e2-9e11-d1871af9471c&api_version=1 HTTP/1.1Accept: application/json, application/xml, text/json, text/x-json, text/javascript, text/xml, application/jsonUser-Agent: RestSharp/106.2.1.0Host: rmm.syncromsp.comAccept-Encoding: gzip, deflate
Source: global traffic HTTP traffic detected: GET /syncro/overmind/updates/releases HTTP/1.1User-Agent: Syncro/1.0.181 (08bc108c-6328-49e2-9e11-d1871af9471c)Host: production.kabutoservices.comAccept-Encoding: gzip, deflateConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /servicing/api/v1/inventory?sc=syncro-rtm&st=syncro&du=08bc108c-6328-49e2-9e11-d1871af9471c HTTP/1.1User-Agent: Servicing/1.0.27 (08bc108c-6328-49e2-9e11-d1871af9471c) [4.8.4515.0;528372]Host: production.kabutoservices.comAccept-Encoding: gzip, deflate
Source: global traffic HTTP traffic detected: GET /device_api/check_active?device_uuid=08bc108c-6328-49e2-9e11-d1871af9471c HTTP/1.1Accept: application/json, application/xml, text/json, text/x-json, text/javascript, text/xml, application/jsonUser-Agent: RestSharp/106.2.1.0Host: rmm.syncromsp.comAccept-Encoding: gzip, deflate
Source: global traffic HTTP traffic detected: GET /syncro/main/updates/RELEASES?id=Syncro&localVersion=1.0.181.14910&arch=amd64 HTTP/1.1User-Agent: Syncro/1.0.181 (08bc108c-6328-49e2-9e11-d1871af9471c)Host: production.kabutoservices.comAccept-Encoding: gzip, deflate
Source: global traffic HTTP traffic detected: GET /device_api/sync_device?device_uuid=08bc108c-6328-49e2-9e11-d1871af9471c&api_version=1 HTTP/1.1Accept: application/json, application/xml, text/json, text/x-json, text/javascript, text/xml, application/jsonUser-Agent: RestSharp/106.2.1.0Host: rmm.syncromsp.comAccept-Encoding: gzip, deflate
Source: global traffic HTTP traffic detected: GET /servicing/files/2/5/579a4ca214cab85642c04191f0f9c60a545dfe52 HTTP/1.1User-Agent: Servicing/1.0.27 (08bc108c-6328-49e2-9e11-d1871af9471c) [4.8.4515.0;528372]Host: production.kabutoservices.comAccept-Encoding: gzip, deflate
Source: global traffic HTTP traffic detected: GET /syncro/overmind/updates/releases HTTP/1.1User-Agent: Syncro/1.0.181 (08bc108c-6328-49e2-9e11-d1871af9471c)Host: production.kabutoservices.comAccept-Encoding: gzip, deflateConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /servicing/files/c/2/daf9d05bc8a143caaf28a6f3fcd8b2b3ef4e8d2c HTTP/1.1User-Agent: Servicing/1.0.27 (08bc108c-6328-49e2-9e11-d1871af9471c) [4.8.4515.0;528372]Host: production.kabutoservices.comAccept-Encoding: gzip, deflate
Source: global traffic HTTP traffic detected: GET /servicing/files/1/1/bc0ef6e22dc9248d10ef88283e50059cb741d611 HTTP/1.1User-Agent: Servicing/1.0.27 (08bc108c-6328-49e2-9e11-d1871af9471c) [4.8.4515.0;528372]Host: production.kabutoservices.comAccept-Encoding: gzip, deflate
Source: global traffic HTTP traffic detected: GET /servicing/files/5/d/1c8b8747f6ff4443826ef247fb38a0acf65f6fd5 HTTP/1.1User-Agent: Servicing/1.0.27 (08bc108c-6328-49e2-9e11-d1871af9471c) [4.8.4515.0;528372]Host: production.kabutoservices.comAccept-Encoding: gzip, deflate
Source: global traffic HTTP traffic detected: GET /servicing/files/c/b/d1c2d20629337d9b3497876f2cf88255468a83bc HTTP/1.1User-Agent: Servicing/1.0.27 (08bc108c-6328-49e2-9e11-d1871af9471c) [4.8.4515.0;528372]Host: production.kabutoservices.comAccept-Encoding: gzip, deflate
Source: global traffic HTTP traffic detected: GET /device_api/check_active?device_uuid=08bc108c-6328-49e2-9e11-d1871af9471c HTTP/1.1Accept: application/json, application/xml, text/json, text/x-json, text/javascript, text/xml, application/jsonUser-Agent: RestSharp/106.2.1.0Host: rmm.syncromsp.comAccept-Encoding: gzip, deflateConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /syncro/main/updates/RELEASES?id=Syncro&localVersion=1.0.181.14910&arch=amd64 HTTP/1.1User-Agent: Syncro/1.0.181 (08bc108c-6328-49e2-9e11-d1871af9471c)Host: production.kabutoservices.comAccept-Encoding: gzip, deflateConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /servicing/files/1/1/bc0ef6e22dc9248d10ef88283e50059cb741d611 HTTP/1.1User-Agent: Servicing/1.0.27 (08bc108c-6328-49e2-9e11-d1871af9471c) [4.8.4515.0;528372]Host: production.kabutoservices.comAccept-Encoding: gzip, deflate
Source: global traffic HTTP traffic detected: GET /device_api/sync_device?device_uuid=08bc108c-6328-49e2-9e11-d1871af9471c&api_version=1 HTTP/1.1Accept: application/json, application/xml, text/json, text/x-json, text/javascript, text/xml, application/jsonUser-Agent: RestSharp/106.2.1.0Host: rmm.syncromsp.comAccept-Encoding: gzip, deflate
Source: global traffic HTTP traffic detected: GET /servicing/files/e/3/43cf91f6e057b0461972589d155b71d28edb5e3e HTTP/1.1User-Agent: Servicing/1.0.27 (08bc108c-6328-49e2-9e11-d1871af9471c) [4.8.4515.0;528372]Host: production.kabutoservices.comAccept-Encoding: gzip, deflate
Source: global traffic HTTP traffic detected: GET /syncro/overmind/updates/releases HTTP/1.1User-Agent: Syncro/1.0.181 (08bc108c-6328-49e2-9e11-d1871af9471c)Host: production.kabutoservices.comAccept-Encoding: gzip, deflateConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /servicing/files/2/f/326795e1b86bb2193560447e382b4458fa1d08f2 HTTP/1.1User-Agent: Servicing/1.0.27 (08bc108c-6328-49e2-9e11-d1871af9471c) [4.8.4515.0;528372]Host: production.kabutoservices.comAccept-Encoding: gzip, deflate
Source: global traffic HTTP traffic detected: GET /servicing/files/e/2/cf1c68760b94cd372a163767f9713bde6bc27f2e HTTP/1.1User-Agent: Servicing/1.0.27 (08bc108c-6328-49e2-9e11-d1871af9471c) [4.8.4515.0;528372]Host: production.kabutoservices.comAccept-Encoding: gzip, deflate
Source: global traffic HTTP traffic detected: GET /Route HTTP/1.1Cache-Control: no-cacheConnection: keep-alive, UpgradePragma: no-cacheUpgrade: websocketHost: traversal.syncromsp.comSec-WebSocket-Key: DgqjeDnf8k6g0PCPCPZf5Q==Sec-WebSocket-Version: 13
Source: global traffic HTTP traffic detected: GET /Route HTTP/1.1Cache-Control: no-cacheConnection: keep-alive, UpgradePragma: no-cacheUpgrade: websocketHost: traversal.syncromsp.comSec-WebSocket-Key: 4EPkgxOi0UOKMYGGlDiRqQ==Sec-WebSocket-Version: 13
Source: global traffic HTTP traffic detected: GET /Route HTTP/1.1Cache-Control: no-cacheConnection: keep-alive, UpgradePragma: no-cacheUpgrade: websocketHost: traversal.syncromsp.comSec-WebSocket-Key: Vc7K3QnUCUW3E8I6svVaLA==Sec-WebSocket-Version: 13
Source: global traffic HTTP traffic detected: GET /device_api/check_active?device_uuid=08bc108c-6328-49e2-9e11-d1871af9471c HTTP/1.1Host: rmm.syncromsp.comAccept-Encoding: gzip, deflate
Source: global traffic HTTP traffic detected: GET /device_api/sync_device?device_uuid=08bc108c-6328-49e2-9e11-d1871af9471c&api_version=1 HTTP/1.1Host: rmm.syncromsp.comAccept-Encoding: gzip, deflate
Source: global traffic HTTP traffic detected: GET /syncro/overmind/updates/RELEASES HTTP/1.1User-Agent: Overmind/1.0.27 (08bc108c-6328-49e2-9e11-d1871af9471c)Host: production.kabutoservices.comAccept-Encoding: gzip, deflateConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /servicing/api/v1/inventory?sc=syncro-rtm&st=syncro&du=08bc108c-6328-49e2-9e11-d1871af9471c HTTP/1.1User-Agent: Servicing/1.0.27 (08bc108c-6328-49e2-9e11-d1871af9471c) [4.8.4515.0;528372]If-None-Match: "65dfac1c-48f5"Host: production.kabutoservices.comAccept-Encoding: gzip, deflateConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /Route HTTP/1.1Cache-Control: no-cacheConnection: keep-alive, UpgradePragma: no-cacheUpgrade: websocketHost: traversal.syncromsp.comSec-WebSocket-Key: 1NFrE0IZkkOUOuvZ8yXDtA==Sec-WebSocket-Version: 13
Source: global traffic HTTP traffic detected: GET /syncro/overmind/updates/releases HTTP/1.1User-Agent: Syncro/1.0.182 (08bc108c-6328-49e2-9e11-d1871af9471c)Host: production.kabutoservices.comAccept-Encoding: gzip, deflateConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /syncro/overmind/updates/RELEASES HTTP/1.1User-Agent: Overmind/1.0.27 (08bc108c-6328-49e2-9e11-d1871af9471c)Host: production.kabutoservices.comAccept-Encoding: gzip, deflate
Source: unknown DNS traffic detected: queries for: rmm.syncromsp.com
Source: unknown HTTP traffic detected: POST /device_api/device HTTP/1.1Content-Type: application/json; charset=UTF-8Host: rmm.syncromsp.comContent-Length: 3895Expect: 100-continueAccept-Encoding: gzip, deflateConnection: Keep-Alive
Source: Syncro.Installer.exe, 00000002.00000002.2309646185.0000021C0048A000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://admin.syncroapi.com
Source: Syncro.Installer.exe, 00000002.00000002.2324699686.0000021C75AE0000.00000004.08000000.00040000.00000000.sdmp, Syncro.Service.Runner.exe, 00000009.00000002.3474168240.0000022A79D42000.00000002.00000001.01000000.00000033.sdmp, Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A618DB000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anywhere.webrootcloudav.com/zerol/wsasme.exe
Source: Syncro.Installer.exe, 00000002.00000002.2324699686.0000021C75AE0000.00000004.08000000.00040000.00000000.sdmp, Syncro.Service.Runner.exe, 00000009.00000002.3474168240.0000022A79D42000.00000002.00000001.01000000.00000033.sdmp String found in binary or memory: http://anywhere.webrootcloudav.com/zerol/wsasme.exeUWebRoot
Source: Syncro.Installer.exe, 00000002.00000002.2309646185.0000021C0010A000.00000004.00000800.00020000.00000000.sdmp, Syncro.Installer.exe, 00000002.00000002.2316441248.0000021C10001000.00000004.00000800.00020000.00000000.sdmp, Syncro.Installer.exe, 00000002.00000002.2323006385.0000021C755C0000.00000004.08000000.00040000.00000000.sdmp, Syncro.Overmind.Service.exe, 0000000E.00000002.2467329958.0000017216854000.00000004.00000800.00020000.00000000.sdmp, Syncro.Overmind.Service.exe, 0000000E.00000002.2467329958.00000172165C9000.00000004.00000800.00020000.00000000.sdmp, Syncro.Overmind.Service.exe, 00000011.00000002.3594084272.0000023C0F567000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: Syncro.Installer.exe, 00000002.00000002.2309646185.0000021C0010A000.00000004.00000800.00020000.00000000.sdmp, Syncro.Installer.exe, 00000002.00000002.2316441248.0000021C10001000.00000004.00000800.00020000.00000000.sdmp, Syncro.Installer.exe, 00000002.00000002.2323006385.0000021C755C0000.00000004.08000000.00040000.00000000.sdmp, Syncro.Overmind.Service.exe, 0000000E.00000002.2467329958.0000017216854000.00000004.00000800.00020000.00000000.sdmp, Syncro.Overmind.Service.exe, 0000000E.00000002.2467329958.00000172165C9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://cacerts.digicert.com/DigiCertCSRSA4096RootG5.crt0E
Source: Syncro.Installer.exe, 00000002.00000002.2309646185.0000021C0010A000.00000004.00000800.00020000.00000000.sdmp, Syncro.Installer.exe, 00000002.00000002.2316441248.0000021C10001000.00000004.00000800.00020000.00000000.sdmp, Syncro.Installer.exe, 00000002.00000002.2323006385.0000021C755C0000.00000004.08000000.00040000.00000000.sdmp, Syncro.Overmind.Service.exe, 0000000E.00000002.2467329958.0000017216854000.00000004.00000800.00020000.00000000.sdmp, Syncro.Overmind.Service.exe, 0000000E.00000002.2467329958.00000172165C9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: Syncro.Installer.exe, 00000002.00000002.2309646185.0000021C0010A000.00000004.00000800.00020000.00000000.sdmp, Syncro.Installer.exe, 00000002.00000002.2316441248.0000021C10001000.00000004.00000800.00020000.00000000.sdmp, Syncro.Installer.exe, 00000002.00000002.2323006385.0000021C755C0000.00000004.08000000.00040000.00000000.sdmp, Syncro.Overmind.Service.exe, 0000000E.00000002.2467329958.0000017216854000.00000004.00000800.00020000.00000000.sdmp, Syncro.Overmind.Service.exe, 0000000E.00000002.2467329958.00000172165C9000.00000004.00000800.00020000.00000000.sdmp, Syncro.Overmind.Service.exe, 00000011.00000002.3594084272.0000023C0F567000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: Syncro.Installer.exe, 00000002.00000002.2309646185.0000021C0010A000.00000004.00000800.00020000.00000000.sdmp, Syncro.Installer.exe, 00000002.00000002.2316441248.0000021C10001000.00000004.00000800.00020000.00000000.sdmp, Syncro.Installer.exe, 00000002.00000002.2323006385.0000021C755C0000.00000004.08000000.00040000.00000000.sdmp, Syncro.Overmind.Service.exe, 0000000E.00000002.2467329958.0000017216854000.00000004.00000800.00020000.00000000.sdmp, Syncro.Overmind.Service.exe, 0000000E.00000002.2467329958.00000172165C9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://cacerts.digicert.com/NETFoundationProjectsCodeSigningCA2.crt0
Source: INVOICE31401001340.exe, Syncro.App.Runner.exe0.2.dr, deniszykov.WebSocketListener.dll.17.dr String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl04
Source: Syncro.Installer.exe, 00000002.00000002.2321950328.0000021C754D2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000003.00000002.3574308507.0000015ABECA4000.00000004.00000020.00020000.00000000.sdmp, Syncro.Service.Runner.exe, 00000009.00000002.3497855200.0000022A7AC1D000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
Source: INVOICE31401001340.exe, Syncro.App.Runner.exe0.2.dr, deniszykov.WebSocketListener.dll.17.dr String found in binary or memory: http://crl.sectigo.com/SectigoRSACodeSigningCA.crl0s
Source: INVOICE31401001340.exe, Syncro.App.Runner.exe0.2.dr, deniszykov.WebSocketListener.dll.17.dr String found in binary or memory: http://crl.sectigo.com/SectigoRSATimeStampingCA.crl0t
Source: svchost.exe, 00000003.00000002.3574090363.0000015ABEC00000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl.ver)
Source: Syncro.Installer.exe, 00000002.00000002.2309646185.0000021C0010A000.00000004.00000800.00020000.00000000.sdmp, Syncro.Installer.exe, 00000002.00000002.2316441248.0000021C10001000.00000004.00000800.00020000.00000000.sdmp, Syncro.Installer.exe, 00000002.00000002.2323006385.0000021C755C0000.00000004.08000000.00040000.00000000.sdmp, Syncro.Overmind.Service.exe, 0000000E.00000002.2467329958.0000017216854000.00000004.00000800.00020000.00000000.sdmp, Syncro.Overmind.Service.exe, 0000000E.00000002.2467329958.00000172165C9000.00000004.00000800.00020000.00000000.sdmp, Syncro.Overmind.Service.exe, 00000011.00000002.3594084272.0000023C0F567000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: Syncro.Installer.exe, 00000002.00000002.2309646185.0000021C0010A000.00000004.00000800.00020000.00000000.sdmp, Syncro.Installer.exe, 00000002.00000002.2316441248.0000021C10001000.00000004.00000800.00020000.00000000.sdmp, Syncro.Installer.exe, 00000002.00000002.2323006385.0000021C755C0000.00000004.08000000.00040000.00000000.sdmp, Syncro.Overmind.Service.exe, 0000000E.00000002.2467329958.0000017216854000.00000004.00000800.00020000.00000000.sdmp, Syncro.Overmind.Service.exe, 0000000E.00000002.2467329958.00000172165C9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://crl3.digicert.com/DigiCertCSRSA4096RootG5.crl0
Source: Syncro.Installer.exe, 00000002.00000002.2309646185.0000021C0010A000.00000004.00000800.00020000.00000000.sdmp, Syncro.Installer.exe, 00000002.00000002.2316441248.0000021C10001000.00000004.00000800.00020000.00000000.sdmp, Syncro.Installer.exe, 00000002.00000002.2323006385.0000021C755C0000.00000004.08000000.00040000.00000000.sdmp, Syncro.Overmind.Service.exe, 0000000E.00000002.2467329958.0000017216854000.00000004.00000800.00020000.00000000.sdmp, Syncro.Overmind.Service.exe, 0000000E.00000002.2467329958.00000172165C9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: Syncro.Installer.exe, 00000002.00000002.2309646185.0000021C0010A000.00000004.00000800.00020000.00000000.sdmp, Syncro.Installer.exe, 00000002.00000002.2316441248.0000021C10001000.00000004.00000800.00020000.00000000.sdmp, Syncro.Installer.exe, 00000002.00000002.2323006385.0000021C755C0000.00000004.08000000.00040000.00000000.sdmp, Syncro.Overmind.Service.exe, 0000000E.00000002.2467329958.0000017216854000.00000004.00000800.00020000.00000000.sdmp, Syncro.Overmind.Service.exe, 0000000E.00000002.2467329958.00000172165C9000.00000004.00000800.00020000.00000000.sdmp, Syncro.Overmind.Service.exe, 00000011.00000002.3594084272.0000023C0F567000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: Syncro.Installer.exe, 00000002.00000002.2309646185.0000021C0010A000.00000004.00000800.00020000.00000000.sdmp, Syncro.Installer.exe, 00000002.00000002.2316441248.0000021C10001000.00000004.00000800.00020000.00000000.sdmp, Syncro.Installer.exe, 00000002.00000002.2323006385.0000021C755C0000.00000004.08000000.00040000.00000000.sdmp, Syncro.Overmind.Service.exe, 0000000E.00000002.2467329958.0000017216854000.00000004.00000800.00020000.00000000.sdmp, Syncro.Overmind.Service.exe, 0000000E.00000002.2467329958.00000172165C9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://crl3.digicert.com/NETFoundationProjectsCodeSigningCA2.crl0F
Source: Syncro.Installer.exe, 00000002.00000002.2309646185.0000021C0010A000.00000004.00000800.00020000.00000000.sdmp, Syncro.Installer.exe, 00000002.00000002.2316441248.0000021C10001000.00000004.00000800.00020000.00000000.sdmp, Syncro.Installer.exe, 00000002.00000002.2323006385.0000021C755C0000.00000004.08000000.00040000.00000000.sdmp, Syncro.Overmind.Service.exe, 0000000E.00000002.2467329958.0000017216854000.00000004.00000800.00020000.00000000.sdmp, Syncro.Overmind.Service.exe, 0000000E.00000002.2467329958.00000172165C9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://crl4.digicert.com/NETFoundationProjectsCodeSigningCA2.crl0=
Source: INVOICE31401001340.exe, Syncro.App.Runner.exe0.2.dr, deniszykov.WebSocketListener.dll.17.dr String found in binary or memory: http://crt.sectigo.com/SectigoRSACodeSigningCA.crt0#
Source: Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A617E8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://crt.sectigo.com/SectigoRSATimeStampingCA.c
Source: INVOICE31401001340.exe, Syncro.App.Runner.exe0.2.dr, deniszykov.WebSocketListener.dll.17.dr String found in binary or memory: http://crt.sectigo.com/SectigoRSATimeStampingCA.crt0#
Source: Syncro.App.Runner.exe, 0000000D.00000002.2896983400.000002133DFCF000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000012.00000002.3121137427.00000218BE510000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000014.00000002.3260005199.000002CB58632000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000015.00000002.3363994649.0000020700281000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://defaultcontainer/RepairTech.Common.Wpf;component/Wpf/XamlResources/ButtonStyles.xaml
Source: Syncro.App.Runner.exe, 0000000D.00000002.2896983400.000002133DFCF000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000012.00000002.3121137427.00000218BE510000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000014.00000002.3260005199.000002CB58632000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000015.00000002.3363994649.0000020700281000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://defaultcontainer/RepairTech.Common.Wpf;component/Wpf/XamlResources/CheckBoxStyles.xaml
Source: Syncro.App.Runner.exe, 0000000D.00000002.2896983400.000002133DFCF000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000012.00000002.3121137427.00000218BE510000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000014.00000002.3260005199.000002CB58632000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000015.00000002.3363994649.0000020700281000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://defaultcontainer/RepairTech.Common.Wpf;component/Wpf/XamlResources/Converters/Converters.xaml
Source: Syncro.App.Runner.exe, 0000000D.00000002.2896983400.000002133DFCF000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000012.00000002.3121137427.00000218BE510000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000014.00000002.3260005199.000002CB58632000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000015.00000002.3363994649.0000020700281000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://defaultcontainer/RepairTech.Common.Wpf;component/Wpf/XamlResources/Icons.xaml
Source: Syncro.App.Runner.exe, 0000000D.00000002.2896983400.000002133DFCF000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000012.00000002.3121137427.00000218BE510000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000014.00000002.3260005199.000002CB58632000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000015.00000002.3363994649.0000020700281000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://defaultcontainer/RepairTech.Common.Wpf;component/Wpf/XamlResources/InputStyles.xaml
Source: Syncro.App.Runner.exe, 0000000D.00000002.2896983400.000002133DFCF000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000012.00000002.3121137427.00000218BE510000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000014.00000002.3260005199.000002CB58632000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000015.00000002.3363994649.0000020700281000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://defaultcontainer/RepairTech.Common.Wpf;component/Wpf/XamlResources/TextStyles.xaml
Source: Syncro.App.Runner.exe, 0000000D.00000002.2896983400.000002133DFCF000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000012.00000002.3121137427.00000218BE510000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000014.00000002.3260005199.000002CB58632000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000015.00000002.3363994649.0000020700281000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://defaultcontainer/RepairTech.Common.Wpf;component/Wpf/XamlResources/Variables.xaml
Source: Syncro.App.Runner.exe, 0000000D.00000002.2896983400.000002133DFCF000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000012.00000002.3121137427.00000218BE510000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000014.00000002.3260005199.000002CB58632000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000015.00000002.3363994649.0000020700281000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://defaultcontainer/Syncro.App;component/Chat/RadChatStyles.xaml
Source: Syncro.App.Runner.exe, 0000000D.00000002.2896983400.000002133DFA3000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000012.00000002.3121137427.00000218BE4E9000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000014.00000002.3260005199.000002CB58609000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000015.00000002.3363994649.0000020700261000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://defaultcontainer/Syncro.App;component/app.xaml
Source: Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A616A7000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 0000000D.00000002.2896983400.000002133DE58000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000012.00000002.3121137427.00000218BE379000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000014.00000002.3260005199.000002CB58499000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000015.00000002.3363994649.00000207000E9000.00000004.00000800.00020000.00000000.sdmp, SyncroLive.Service.Runner.exe, 0000001C.00000002.3604207409.0000023854862000.00000004.00000800.00020000.00000000.sdmp, SyncroLive.Agent.Runner.exe, 0000001D.00000002.3576854914.00000229001AB000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary
Source: Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A616A7000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 0000000D.00000002.2896983400.000002133DE58000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000012.00000002.3121137427.00000218BE379000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000014.00000002.3260005199.000002CB58499000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000015.00000002.3363994649.00000207000E9000.00000004.00000800.00020000.00000000.sdmp, SyncroLive.Service.Runner.exe, 0000001C.00000002.3604207409.0000023854862000.00000004.00000800.00020000.00000000.sdmp, SyncroLive.Agent.Runner.exe, 0000001D.00000002.3576854914.00000229001AB000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#HexBinary
Source: Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A616A7000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 0000000D.00000002.2896983400.000002133DE58000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000012.00000002.3121137427.00000218BE379000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000014.00000002.3260005199.000002CB58499000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000015.00000002.3363994649.00000207000E9000.00000004.00000800.00020000.00000000.sdmp, SyncroLive.Service.Runner.exe, 0000001C.00000002.3604207409.0000023854862000.00000004.00000800.00020000.00000000.sdmp, SyncroLive.Agent.Runner.exe, 0000001D.00000002.3576854914.00000229001AB000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Text
Source: Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A616A7000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 0000000D.00000002.2896983400.000002133DE58000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000012.00000002.3121137427.00000218BE379000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000014.00000002.3260005199.000002CB58499000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000015.00000002.3363994649.00000207000E9000.00000004.00000800.00020000.00000000.sdmp, SyncroLive.Service.Runner.exe, 0000001C.00000002.3604207409.0000023854862000.00000004.00000800.00020000.00000000.sdmp, SyncroLive.Agent.Runner.exe, 0000001D.00000002.3576854914.00000229001AB000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd
Source: Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A616A7000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 0000000D.00000002.2896983400.000002133DE58000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000012.00000002.3121137427.00000218BE379000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000014.00000002.3260005199.000002CB58499000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000015.00000002.3363994649.00000207000E9000.00000004.00000800.00020000.00000000.sdmp, SyncroLive.Service.Runner.exe, 0000001C.00000002.3604207409.0000023854862000.00000004.00000800.00020000.00000000.sdmp, SyncroLive.Agent.Runner.exe, 0000001D.00000002.3576854914.00000229001AB000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
Source: Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A616A7000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 0000000D.00000002.2896983400.000002133DE58000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000012.00000002.3121137427.00000218BE379000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000014.00000002.3260005199.000002CB58499000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000015.00000002.3363994649.00000207000E9000.00000004.00000800.00020000.00000000.sdmp, SyncroLive.Service.Runner.exe, 0000001C.00000002.3604207409.0000023854862000.00000004.00000800.00020000.00000000.sdmp, SyncroLive.Agent.Runner.exe, 0000001D.00000002.3576854914.00000229001AB000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509SubjectKeyIdentif
Source: Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A616A7000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 0000000D.00000002.2896983400.000002133DE58000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000012.00000002.3121137427.00000218BE379000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000015.00000002.3363994649.00000207000E9000.00000004.00000800.00020000.00000000.sdmp, SyncroLive.Service.Runner.exe, 0000001C.00000002.3604207409.0000023854862000.00000004.00000800.00020000.00000000.sdmp, SyncroLive.Agent.Runner.exe, 0000001D.00000002.3576854914.00000229001AB000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#GSS_Kerberosv5_AP_REQ
Source: Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A616A7000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 0000000D.00000002.2896983400.000002133DE58000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000012.00000002.3121137427.00000218BE379000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000014.00000002.3260005199.000002CB58499000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000015.00000002.3363994649.00000207000E9000.00000004.00000800.00020000.00000000.sdmp, SyncroLive.Service.Runner.exe, 0000001C.00000002.3604207409.0000023854862000.00000004.00000800.00020000.00000000.sdmp, SyncroLive.Agent.Runner.exe, 0000001D.00000002.3576854914.00000229001AB000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#GSS_Kerberosv5_AP_REQ1510
Source: Syncro.App.Runner.exe, 00000014.00000002.3260005199.000002CB58499000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#GSS_Kerberosv5_AP_REQP0s
Source: Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A616A7000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 0000000D.00000002.2896983400.000002133DE58000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000012.00000002.3121137427.00000218BE379000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000014.00000002.3260005199.000002CB58499000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000015.00000002.3363994649.00000207000E9000.00000004.00000800.00020000.00000000.sdmp, SyncroLive.Service.Runner.exe, 0000001C.00000002.3604207409.0000023854862000.00000004.00000800.00020000.00000000.sdmp, SyncroLive.Agent.Runner.exe, 0000001D.00000002.3576854914.00000229001AB000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#Kerberosv5APREQSHA1
Source: Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A616A7000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 0000000D.00000002.2896983400.000002133DE58000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000012.00000002.3121137427.00000218BE379000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000014.00000002.3260005199.000002CB58499000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000015.00000002.3363994649.00000207000E9000.00000004.00000800.00020000.00000000.sdmp, SyncroLive.Service.Runner.exe, 0000001C.00000002.3604207409.0000023854862000.00000004.00000800.00020000.00000000.sdmp, SyncroLive.Agent.Runner.exe, 0000001D.00000002.3576854914.00000229001AB000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-rel-token-profile-1.0.pdf#license
Source: Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A616A7000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 0000000D.00000002.2896983400.000002133DE58000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000012.00000002.3121137427.00000218BE379000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000014.00000002.3260005199.000002CB58499000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000015.00000002.3363994649.00000207000E9000.00000004.00000800.00020000.00000000.sdmp, SyncroLive.Service.Runner.exe, 0000001C.00000002.3604207409.0000023854862000.00000004.00000800.00020000.00000000.sdmp, SyncroLive.Agent.Runner.exe, 0000001D.00000002.3576854914.00000229001AB000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID
Source: Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A616A7000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 0000000D.00000002.2896983400.000002133DE58000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000012.00000002.3121137427.00000218BE379000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000014.00000002.3260005199.000002CB58499000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000015.00000002.3363994649.00000207000E9000.00000004.00000800.00020000.00000000.sdmp, SyncroLive.Service.Runner.exe, 0000001C.00000002.3604207409.0000023854862000.00000004.00000800.00020000.00000000.sdmp, SyncroLive.Agent.Runner.exe, 0000001D.00000002.3576854914.00000229001AB000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLID
Source: Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A616A7000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 0000000D.00000002.2896983400.000002133DE58000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000012.00000002.3121137427.00000218BE379000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000014.00000002.3260005199.000002CB58499000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000015.00000002.3363994649.00000207000E9000.00000004.00000800.00020000.00000000.sdmp, SyncroLive.Service.Runner.exe, 0000001C.00000002.3604207409.0000023854862000.00000004.00000800.00020000.00000000.sdmp, SyncroLive.Agent.Runner.exe, 0000001D.00000002.3576854914.00000229001AB000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1
Source: Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A616A7000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 0000000D.00000002.2896983400.000002133DE58000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000012.00000002.3121137427.00000218BE379000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000014.00000002.3260005199.000002CB58499000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000015.00000002.3363994649.00000207000E9000.00000004.00000800.00020000.00000000.sdmp, SyncroLive.Service.Runner.exe, 0000001C.00000002.3604207409.0000023854862000.00000004.00000800.00020000.00000000.sdmp, SyncroLive.Agent.Runner.exe, 0000001D.00000002.3576854914.00000229001AB000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0
Source: Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A616A7000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 0000000D.00000002.2896983400.000002133DE58000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000012.00000002.3121137427.00000218BE379000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000014.00000002.3260005199.000002CB58499000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000015.00000002.3363994649.00000207000E9000.00000004.00000800.00020000.00000000.sdmp, SyncroLive.Service.Runner.exe, 0000001C.00000002.3604207409.0000023854862000.00000004.00000800.00020000.00000000.sdmp, SyncroLive.Agent.Runner.exe, 0000001D.00000002.3576854914.00000229001AB000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey
Source: Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A616A7000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 0000000D.00000002.2896983400.000002133DE58000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000012.00000002.3121137427.00000218BE379000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000014.00000002.3260005199.000002CB58499000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000015.00000002.3363994649.00000207000E9000.00000004.00000800.00020000.00000000.sdmp, SyncroLive.Agent.Runner.exe, 0000001D.00000002.3576854914.00000229001AB000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKeySHA1
Source: SyncroLive.Service.Runner.exe, 0000001C.00000002.3604207409.0000023854862000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKeySHA1pF
Source: Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A616A7000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 0000000D.00000002.2896983400.000002133DE58000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000012.00000002.3121137427.00000218BE379000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000014.00000002.3260005199.000002CB58499000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000015.00000002.3363994649.00000207000E9000.00000004.00000800.00020000.00000000.sdmp, SyncroLive.Service.Runner.exe, 0000001C.00000002.3604207409.0000023854862000.00000004.00000800.00020000.00000000.sdmp, SyncroLive.Agent.Runner.exe, 0000001D.00000002.3576854914.00000229001AB000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#ThumbprintSHA1
Source: Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A616A7000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 0000000D.00000002.2896983400.000002133DE58000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000012.00000002.3121137427.00000218BE379000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000014.00000002.3260005199.000002CB58499000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000015.00000002.3363994649.00000207000E9000.00000004.00000800.00020000.00000000.sdmp, SyncroLive.Service.Runner.exe, 0000001C.00000002.3604207409.0000023854862000.00000004.00000800.00020000.00000000.sdmp, SyncroLive.Agent.Runner.exe, 0000001D.00000002.3576854914.00000229001AB000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd
Source: svchost.exe, 00000003.00000003.2157620147.0000015ABEB40000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://f.c2r.ts.cdn.office.net/pr/492350f6-3a01-4f97-b9c0-c7c6ddf67d60/Office/Data/v32_16.0.16827.20
Source: Syncro.App.Runner.exe, 0000000D.00000002.2896983400.000002133DFCF000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000012.00000002.3121137427.00000218BE510000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000014.00000002.3260005199.000002CB58632000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000015.00000002.3363994649.0000020700281000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://foo/Chat/RadChatStyles.xaml
Source: Syncro.App.Runner.exe, 0000000D.00000002.2896983400.000002133DFCF000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000012.00000002.3121137427.00000218BE510000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000014.00000002.3260005199.000002CB58632000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000015.00000002.3363994649.0000020700281000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://foo/Wpf/XamlResources/ButtonStyles.xaml
Source: Syncro.App.Runner.exe, 0000000D.00000002.2896983400.000002133DFCF000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000012.00000002.3121137427.00000218BE510000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000014.00000002.3260005199.000002CB58632000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000015.00000002.3363994649.0000020700281000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://foo/Wpf/XamlResources/CheckBoxStyles.xaml
Source: Syncro.App.Runner.exe, 0000000D.00000002.2896983400.000002133DFCF000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000012.00000002.3121137427.00000218BE510000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000014.00000002.3260005199.000002CB58632000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000015.00000002.3363994649.0000020700281000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://foo/Wpf/XamlResources/Converters/Converters.xaml
Source: Syncro.App.Runner.exe, 0000000D.00000002.2896983400.000002133DFCF000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000012.00000002.3121137427.00000218BE510000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000014.00000002.3260005199.000002CB58632000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000015.00000002.3363994649.0000020700281000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://foo/Wpf/XamlResources/Icons.xaml
Source: Syncro.App.Runner.exe, 0000000D.00000002.2896983400.000002133DFCF000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000012.00000002.3121137427.00000218BE510000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000014.00000002.3260005199.000002CB58632000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000015.00000002.3363994649.0000020700281000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://foo/Wpf/XamlResources/InputStyles.xaml
Source: Syncro.App.Runner.exe, 0000000D.00000002.2896983400.000002133DFCF000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000012.00000002.3121137427.00000218BE510000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000014.00000002.3260005199.000002CB58632000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000015.00000002.3363994649.0000020700281000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://foo/Wpf/XamlResources/TextStyles.xaml
Source: Syncro.App.Runner.exe, 0000000D.00000002.2896983400.000002133DFCF000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000012.00000002.3121137427.00000218BE510000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000014.00000002.3260005199.000002CB58632000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000015.00000002.3363994649.0000020700281000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://foo/Wpf/XamlResources/Variables.xaml
Source: Syncro.App.Runner.exe, 0000000D.00000002.2896983400.000002133DFA3000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000012.00000002.3121137427.00000218BE4E9000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000014.00000002.3260005199.000002CB58609000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000015.00000002.3363994649.0000020700261000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://foo/app.xaml
Source: Syncro.App.Runner.exe, 0000000D.00000002.2896983400.000002133DFA3000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000012.00000002.3121137427.00000218BE4E9000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000014.00000002.3260005199.000002CB58609000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000015.00000002.3363994649.0000020700261000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://foo/bar/app.baml
Source: Syncro.App.Runner.exe, 00000015.00000002.3363994649.0000020700281000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://foo/bar/chat/radchatstyles.baml
Source: Syncro.App.Runner.exe, 00000015.00000002.3363994649.0000020700281000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://foo/bar/wpf/xamlresources/buttonstyles.baml
Source: Syncro.App.Runner.exe, 00000015.00000002.3363994649.0000020700281000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://foo/bar/wpf/xamlresources/checkboxstyles.baml
Source: Syncro.App.Runner.exe, 00000015.00000002.3363994649.0000020700281000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://foo/bar/wpf/xamlresources/converters/converters.baml
Source: Syncro.App.Runner.exe, 00000015.00000002.3363994649.0000020700281000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://foo/bar/wpf/xamlresources/icons.baml
Source: Syncro.App.Runner.exe, 00000015.00000002.3363994649.0000020700281000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://foo/bar/wpf/xamlresources/inputstyles.baml
Source: Syncro.App.Runner.exe, 00000015.00000002.3363994649.0000020700281000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://foo/bar/wpf/xamlresources/textstyles.baml
Source: Syncro.App.Runner.exe, 0000000D.00000002.2896983400.000002133DFCF000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://foo/bar/wpf/xamlresources/textstyles.baml0h
Source: Syncro.App.Runner.exe, 00000015.00000002.3363994649.0000020700281000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://foo/bar/wpf/xamlresources/variables.baml
Source: Syncro.Overmind.Service.exe, 0000000E.00000002.2467329958.00000172165C9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://james.newtonking.com/projects/json
Source: Syncro.Installer.exe, 00000002.00000002.2309646185.0000021C005C6000.00000004.00000800.00020000.00000000.sdmp, Syncro.Installer.exe, 00000002.00000002.2309646185.0000021C00204000.00000004.00000800.00020000.00000000.sdmp, Syncro.Installer.exe, 00000002.00000002.2309646185.0000021C00576000.00000004.00000800.00020000.00000000.sdmp, Syncro.Installer.exe, 00000002.00000002.2309646185.0000021C00583000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://k8s-default-kabutopr-bd4dfe3aec-18d42f354d40fada.elb.us-east-1.amazonaws.com
Source: Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A61F34000.00000004.00000800.00020000.00000000.sdmp, Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A61D75000.00000004.00000800.00020000.00000000.sdmp, Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A61E62000.00000004.00000800.00020000.00000000.sdmp, Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A61CF7000.00000004.00000800.00020000.00000000.sdmp, Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A61ECB000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://k8s-default-syncropr-9fed691c09-f11dcedf98c8fd64.elb.us-east-1.amazonaws.com
Source: Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A61F34000.00000004.00000800.00020000.00000000.sdmp, Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A61D75000.00000004.00000800.00020000.00000000.sdmp, Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A61E62000.00000004.00000800.00020000.00000000.sdmp, Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A61CF7000.00000004.00000800.00020000.00000000.sdmp, Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A61ECB000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://ld.aurelius.host
Source: INVOICE31401001340.exe, Syncro.App.Runner.exe0.2.dr, deniszykov.WebSocketListener.dll.17.dr String found in binary or memory: http://ocsp.comodoca.com0
Source: Syncro.Installer.exe, 00000002.00000002.2309646185.0000021C0010A000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://ocsp.digicert.co
Source: Syncro.Installer.exe, 00000002.00000002.2309646185.0000021C0010A000.00000004.00000800.00020000.00000000.sdmp, Syncro.Installer.exe, 00000002.00000002.2316441248.0000021C10001000.00000004.00000800.00020000.00000000.sdmp, Syncro.Installer.exe, 00000002.00000002.2323006385.0000021C755C0000.00000004.08000000.00040000.00000000.sdmp, Syncro.Overmind.Service.exe, 0000000E.00000002.2467329958.0000017216854000.00000004.00000800.00020000.00000000.sdmp, Syncro.Overmind.Service.exe, 0000000E.00000002.2467329958.00000172165C9000.00000004.00000800.00020000.00000000.sdmp, Syncro.Overmind.Service.exe, 00000011.00000002.3594084272.0000023C0F567000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://ocsp.digicert.com0A
Source: Syncro.Installer.exe, 00000002.00000002.2309646185.0000021C0010A000.00000004.00000800.00020000.00000000.sdmp, Syncro.Installer.exe, 00000002.00000002.2316441248.0000021C10001000.00000004.00000800.00020000.00000000.sdmp, Syncro.Installer.exe, 00000002.00000002.2323006385.0000021C755C0000.00000004.08000000.00040000.00000000.sdmp, Syncro.Overmind.Service.exe, 0000000E.00000002.2467329958.0000017216854000.00000004.00000800.00020000.00000000.sdmp, Syncro.Overmind.Service.exe, 0000000E.00000002.2467329958.00000172165C9000.00000004.00000800.00020000.00000000.sdmp, Syncro.Overmind.Service.exe, 00000011.00000002.3594084272.0000023C0F567000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://ocsp.digicert.com0C
Source: Syncro.Installer.exe, 00000002.00000002.2309646185.0000021C0010A000.00000004.00000800.00020000.00000000.sdmp, Syncro.Installer.exe, 00000002.00000002.2316441248.0000021C10001000.00000004.00000800.00020000.00000000.sdmp, Syncro.Installer.exe, 00000002.00000002.2323006385.0000021C755C0000.00000004.08000000.00040000.00000000.sdmp, Syncro.Overmind.Service.exe, 0000000E.00000002.2467329958.0000017216854000.00000004.00000800.00020000.00000000.sdmp, Syncro.Overmind.Service.exe, 0000000E.00000002.2467329958.00000172165C9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://ocsp.digicert.com0O
Source: Syncro.Installer.exe, 00000002.00000002.2309646185.0000021C0010A000.00000004.00000800.00020000.00000000.sdmp, Syncro.Installer.exe, 00000002.00000002.2316441248.0000021C10001000.00000004.00000800.00020000.00000000.sdmp, Syncro.Installer.exe, 00000002.00000002.2323006385.0000021C755C0000.00000004.08000000.00040000.00000000.sdmp, Syncro.Overmind.Service.exe, 0000000E.00000002.2467329958.0000017216854000.00000004.00000800.00020000.00000000.sdmp, Syncro.Overmind.Service.exe, 0000000E.00000002.2467329958.00000172165C9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://ocsp.digicert.com0X
Source: deniszykov.WebSocketListener.dll.17.dr String found in binary or memory: http://ocsp.sectigo.com0
Source: Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A62111000.00000004.00000800.00020000.00000000.sdmp, Syncro.Overmind.Service.exe, 00000011.00000002.3594084272.0000023C0F4FB000.00000004.00000800.00020000.00000000.sdmp, Syncro.Overmind.Service.exe, 00000011.00000002.3594084272.0000023C0F6FB000.00000004.00000800.00020000.00000000.sdmp, Syncro.Overmind.Service.exe, 00000011.00000002.3594084272.0000023C0F7FD000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://production.kabutoservices.com
Source: INVOICE31401001340.exe, 00000000.00000002.2353079397.0000000013189000.00000004.00000800.00020000.00000000.sdmp, INVOICE31401001340.exe, 00000000.00000000.2120038499.0000000000672000.00000002.00000001.01000000.00000003.sdmp, Syncro.Installer.exe, 00000002.00000000.2130594520.0000021C72832000.00000002.00000001.01000000.00000006.sdmp String found in binary or memory: http://repairtechsolutions.com/documentation/kabuto#patch_management
Source: Syncro.Installer.exe, 00000002.00000002.2309646185.0000021C005C6000.00000004.00000800.00020000.00000000.sdmp, Syncro.Installer.exe, 00000002.00000002.2309646185.0000021C00204000.00000004.00000800.00020000.00000000.sdmp, Syncro.Installer.exe, 00000002.00000002.2309646185.0000021C00576000.00000004.00000800.00020000.00000000.sdmp, Syncro.Installer.exe, 00000002.00000002.2309646185.0000021C0017D000.00000004.00000800.00020000.00000000.sdmp, Syncro.Installer.exe, 00000002.00000002.2309646185.0000021C00583000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://rmm.syncromsp.com
Source: InstallUtil.exe, 00000006.00000002.2258001463.000002070B332000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 0000000D.00000002.2896983400.000002133E0DD000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 0000000D.00000002.2896983400.000002133DE58000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000012.00000002.3121137427.00000218BE379000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000014.00000002.3260005199.000002CB5874B000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000014.00000002.3260005199.000002CB58580000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000015.00000002.3363994649.00000207001C4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://schemas.datacontract.org
Source: InstallUtil.exe, 00000006.00000002.2258001463.000002070B332000.00000004.00000800.00020000.00000000.sdmp, Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A61461000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 0000000D.00000002.2896983400.000002133DD81000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000012.00000002.3121137427.00000218BE29E000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000014.00000002.3260005199.000002CB583BE000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000015.00000002.3363994649.000002070000E000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://schemas.datacontract.org/2004/07/
Source: Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A61461000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 0000000D.00000002.2896983400.000002133E0DD000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 0000000D.00000002.2896983400.000002133DFA3000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 0000000D.00000002.2896983400.000002133DD81000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 0000000D.00000002.2896983400.000002133DE58000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000012.00000002.3121137427.00000218BE29E000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000012.00000002.3121137427.00000218BE5CB000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000012.00000002.3121137427.00000218BE379000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000014.00000002.3260005199.000002CB58499000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000014.00000002.3260005199.000002CB5874B000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000014.00000002.3260005199.000002CB58580000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000014.00000002.3260005199.000002CB583BE000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000014.00000002.3260005199.000002CB586FD000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000015.00000002.3363994649.00000207000E9000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000015.00000002.3363994649.000002070034B000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000015.00000002.3363994649.000002070000E000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000015.00000002.3363994649.00000207001C4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://schemas.datacontract.org/2004/07/Kabuto.Contracts.Models
Source: Syncro.App.Runner.exe, 00000015.00000002.3363994649.00000207000E9000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000015.00000002.3363994649.00000207000DB000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://schemas.datacontract.org/2004/07/Kabuto.Contracts.Models.OsPatching
Source: Syncro.App.Runner.exe, 00000015.00000002.3363994649.00000207000E9000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000015.00000002.3363994649.00000207000DB000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://schemas.datacontract.org/2004/07/Kabuto.Contracts.Models.OsPatching.V1
Source: Syncro.App.Runner.exe, 00000015.00000002.3363994649.00000207000E9000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000015.00000002.3363994649.00000207000DB000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://schemas.datacontract.org/2004/07/Kabuto.Contracts.Models.ResourceMonitoring
Source: Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A616A7000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000012.00000002.3121137427.00000218BE379000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000014.00000002.3260005199.000002CB58499000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000015.00000002.3363994649.00000207000E9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://schemas.datacontract.org/2004/07/Kabuto.Contracts.Models.ResourceMonitoringxD
Source: Syncro.App.Runner.exe, 00000015.00000002.3363994649.00000207000E9000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000015.00000002.3363994649.00000207000DB000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://schemas.datacontract.org/2004/07/Kabuto.Contracts.Models.Snmp
Source: Syncro.App.Runner.exe, 0000000D.00000002.2896983400.000002133DE58000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://schemas.datacontract.org/2004/07/Kabuto.Contracts.Models.SnmpxD
Source: Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A61461000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 0000000D.00000002.2896983400.000002133DE58000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000012.00000002.3121137427.00000218BE379000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000014.00000002.3260005199.000002CB58580000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000015.00000002.3363994649.00000207001C4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://schemas.datacontract.org/2004/07/RepairTech.Common.Tools
Source: InstallUtil.exe, 00000006.00000002.2258001463.000002070B332000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://schemas.datacontract.org/2004/07/System.ServiceProcess
Source: Syncro.App.Runner.exe, 00000014.00000002.3260005199.000002CB58580000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://schemas.datacontract.org0s
Source: Syncro.Overmind.Service.exe, 00000011.00000002.3707462292.0000023C1F34F000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://schemas.telerik.com/2008/xaml/compile
Source: Syncro.Overmind.Service.exe, 00000011.00000002.3707462292.0000023C1F34F000.00000004.00000800.00020000.00000000.sdmp, Syncro.Overmind.Service.exe, 00000011.00000002.3707462292.0000023C1F245000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000012.00000002.3121137427.00000218BE510000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000014.00000002.3260005199.000002CB58632000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000015.00000002.3363994649.0000020700281000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://schemas.telerik.com/2008/xaml/presentation
Source: Syncro.Overmind.Service.exe, 00000011.00000002.3707462292.0000023C1F34F000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://schemas.telerik.com/2008/xaml/presentation#Telerik.Windows.Controls.RadialMenu
Source: Syncro.Overmind.Service.exe, 00000011.00000002.3707462292.0000023C1F34F000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://schemas.telerik.com/2008/xaml/presentation#Telerik.Windows.Controls.RadialMenuV
Source: Syncro.Overmind.Service.exe, 00000011.00000002.3707462292.0000023C1F34F000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://schemas.telerik.com/2008/xaml/presentation&Telerik.Windows.Controls.LayoutControl
Source: Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A616A7000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 0000000D.00000002.2896983400.000002133DE58000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000012.00000002.3121137427.00000218BE379000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000014.00000002.3260005199.000002CB58499000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000015.00000002.3363994649.00000207000E9000.00000004.00000800.00020000.00000000.sdmp, SyncroLive.Service.Runner.exe, 0000001C.00000002.3604207409.0000023854862000.00000004.00000800.00020000.00000000.sdmp, SyncroLive.Agent.Runner.exe, 0000001D.00000002.3576854914.00000229001AB000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://schemas.xmlsoap.org/2005/02/trust/spnego#GSS_Wrap
Source: Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A616A7000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 0000000D.00000002.2896983400.000002133DE58000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000012.00000002.3121137427.00000218BE379000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000014.00000002.3260005199.000002CB58499000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000015.00000002.3363994649.00000207000E9000.00000004.00000800.00020000.00000000.sdmp, SyncroLive.Service.Runner.exe, 0000001C.00000002.3604207409.0000023854862000.00000004.00000800.00020000.00000000.sdmp, SyncroLive.Agent.Runner.exe, 0000001D.00000002.3576854914.00000229001AB000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://schemas.xmlsoap.org/2005/02/trust/tlsnego#TLS_Wrap
Source: Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A61461000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 0000000D.00000002.2896983400.000002133DD81000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000012.00000002.3121137427.00000218BE29E000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000014.00000002.3260005199.000002CB583BE000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000015.00000002.3363994649.000002070000E000.00000004.00000800.00020000.00000000.sdmp, SyncroLive.Service.Runner.exe, 0000001C.00000002.3604207409.0000023854781000.00000004.00000800.00020000.00000000.sdmp, SyncroLive.Agent.Runner.exe, 0000001D.00000002.3576854914.0000022900060000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://schemas.xmlsoap.org/soap/actor/next
Source: Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A61461000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 0000000D.00000002.2896983400.000002133DD81000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000012.00000002.3121137427.00000218BE29E000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000014.00000002.3260005199.000002CB583BE000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000015.00000002.3363994649.000002070000E000.00000004.00000800.00020000.00000000.sdmp, SyncroLive.Service.Runner.exe, 0000001C.00000002.3604207409.0000023854781000.00000004.00000800.00020000.00000000.sdmp, SyncroLive.Agent.Runner.exe, 0000001D.00000002.3576854914.0000022900060000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://schemas.xmlsoap.org/soap/envelope/
Source: Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A616A7000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 0000000D.00000002.2896983400.000002133DE58000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000012.00000002.3121137427.00000218BE379000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000014.00000002.3260005199.000002CB58499000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000015.00000002.3363994649.00000207000E9000.00000004.00000800.00020000.00000000.sdmp, SyncroLive.Agent.Runner.exe, 0000001D.00000002.3576854914.00000229001AB000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://schemas.xmlsoap.org/ws/2002/12/policy
Source: SyncroLive.Service.Runner.exe, 0000001C.00000002.3604207409.0000023854862000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://schemas.xmlsoap.org/ws/2002/12/policyX
Source: Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A616A7000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 0000000D.00000002.2896983400.000002133DE58000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000012.00000002.3121137427.00000218BE379000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000014.00000002.3260005199.000002CB58499000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000015.00000002.3363994649.00000207000E9000.00000004.00000800.00020000.00000000.sdmp, SyncroLive.Service.Runner.exe, 0000001C.00000002.3604207409.0000023854862000.00000004.00000800.00020000.00000000.sdmp, SyncroLive.Agent.Runner.exe, 0000001D.00000002.3576854914.00000229001AB000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/sc
Source: Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A616A7000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 0000000D.00000002.2896983400.000002133DE58000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000012.00000002.3121137427.00000218BE379000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000014.00000002.3260005199.000002CB58499000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000015.00000002.3363994649.00000207000E9000.00000004.00000800.00020000.00000000.sdmp, SyncroLive.Service.Runner.exe, 0000001C.00000002.3604207409.0000023854862000.00000004.00000800.00020000.00000000.sdmp, SyncroLive.Agent.Runner.exe, 0000001D.00000002.3576854914.00000229001AB000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/sc/dk
Source: Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A616A7000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 0000000D.00000002.2896983400.000002133DE58000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000012.00000002.3121137427.00000218BE379000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000014.00000002.3260005199.000002CB58499000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000015.00000002.3363994649.00000207000E9000.00000004.00000800.00020000.00000000.sdmp, SyncroLive.Service.Runner.exe, 0000001C.00000002.3604207409.0000023854862000.00000004.00000800.00020000.00000000.sdmp, SyncroLive.Agent.Runner.exe, 0000001D.00000002.3576854914.00000229001AB000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/sc/sct
Source: Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A616A7000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 0000000D.00000002.2896983400.000002133DE58000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000012.00000002.3121137427.00000218BE379000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000014.00000002.3260005199.000002CB58499000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000015.00000002.3363994649.00000207000E9000.00000004.00000800.00020000.00000000.sdmp, SyncroLive.Service.Runner.exe, 0000001C.00000002.3604207409.0000023854862000.00000004.00000800.00020000.00000000.sdmp, SyncroLive.Agent.Runner.exe, 0000001D.00000002.3576854914.00000229001AB000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/CK/PSHA1
Source: Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A616A7000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 0000000D.00000002.2896983400.000002133DE58000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000012.00000002.3121137427.00000218BE379000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000014.00000002.3260005199.000002CB58499000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000015.00000002.3363994649.00000207000E9000.00000004.00000800.00020000.00000000.sdmp, SyncroLive.Service.Runner.exe, 0000001C.00000002.3604207409.0000023854862000.00000004.00000800.00020000.00000000.sdmp, SyncroLive.Agent.Runner.exe, 0000001D.00000002.3576854914.00000229001AB000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/Issue
Source: Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A616A7000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 0000000D.00000002.2896983400.000002133DE58000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000012.00000002.3121137427.00000218BE379000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000014.00000002.3260005199.000002CB58499000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000015.00000002.3363994649.00000207000E9000.00000004.00000800.00020000.00000000.sdmp, SyncroLive.Service.Runner.exe, 0000001C.00000002.3604207409.0000023854862000.00000004.00000800.00020000.00000000.sdmp, SyncroLive.Agent.Runner.exe, 0000001D.00000002.3576854914.00000229001AB000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/Nonce
Source: Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A616A7000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 0000000D.00000002.2896983400.000002133DE58000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000012.00000002.3121137427.00000218BE379000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000014.00000002.3260005199.000002CB58499000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000015.00000002.3363994649.00000207000E9000.00000004.00000800.00020000.00000000.sdmp, SyncroLive.Service.Runner.exe, 0000001C.00000002.3604207409.0000023854862000.00000004.00000800.00020000.00000000.sdmp, SyncroLive.Agent.Runner.exe, 0000001D.00000002.3576854914.00000229001AB000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/RST/Issue
Source: Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A616A7000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 0000000D.00000002.2896983400.000002133DE58000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000012.00000002.3121137427.00000218BE379000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000014.00000002.3260005199.000002CB58499000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000015.00000002.3363994649.00000207000E9000.00000004.00000800.00020000.00000000.sdmp, SyncroLive.Service.Runner.exe, 0000001C.00000002.3604207409.0000023854862000.00000004.00000800.00020000.00000000.sdmp, SyncroLive.Agent.Runner.exe, 0000001D.00000002.3576854914.00000229001AB000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/RST/SCT
Source: Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A616A7000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 0000000D.00000002.2896983400.000002133DE58000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000012.00000002.3121137427.00000218BE379000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000014.00000002.3260005199.000002CB58499000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000015.00000002.3363994649.00000207000E9000.00000004.00000800.00020000.00000000.sdmp, SyncroLive.Service.Runner.exe, 0000001C.00000002.3604207409.0000023854862000.00000004.00000800.00020000.00000000.sdmp, SyncroLive.Agent.Runner.exe, 0000001D.00000002.3576854914.00000229001AB000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/RSTR/Issue
Source: Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A616A7000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 0000000D.00000002.2896983400.000002133DE58000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000012.00000002.3121137427.00000218BE379000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000014.00000002.3260005199.000002CB58499000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000015.00000002.3363994649.00000207000E9000.00000004.00000800.00020000.00000000.sdmp, SyncroLive.Service.Runner.exe, 0000001C.00000002.3604207409.0000023854862000.00000004.00000800.00020000.00000000.sdmp, SyncroLive.Agent.Runner.exe, 0000001D.00000002.3576854914.00000229001AB000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/RSTR/SCT
Source: Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A616A7000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 0000000D.00000002.2896983400.000002133DE58000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000012.00000002.3121137427.00000218BE379000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000014.00000002.3260005199.000002CB58499000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000015.00000002.3363994649.00000207000E9000.00000004.00000800.00020000.00000000.sdmp, SyncroLive.Service.Runner.exe, 0000001C.00000002.3604207409.0000023854862000.00000004.00000800.00020000.00000000.sdmp, SyncroLive.Agent.Runner.exe, 0000001D.00000002.3576854914.00000229001AB000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/SymmetricKey
Source: Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A616A7000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 0000000D.00000002.2896983400.000002133DE58000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000012.00000002.3121137427.00000218BE379000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000014.00000002.3260005199.000002CB58499000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000015.00000002.3363994649.00000207000E9000.00000004.00000800.00020000.00000000.sdmp, SyncroLive.Service.Runner.exe, 0000001C.00000002.3604207409.0000023854862000.00000004.00000800.00020000.00000000.sdmp, SyncroLive.Agent.Runner.exe, 0000001D.00000002.3576854914.00000229001AB000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/trust
Source: Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A616A7000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 0000000D.00000002.2896983400.000002133DE58000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000012.00000002.3121137427.00000218BE379000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000014.00000002.3260005199.000002CB58499000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000015.00000002.3363994649.00000207000E9000.00000004.00000800.00020000.00000000.sdmp, SyncroLive.Service.Runner.exe, 0000001C.00000002.3604207409.0000023854862000.00000004.00000800.00020000.00000000.sdmp, SyncroLive.Agent.Runner.exe, 0000001D.00000002.3576854914.00000229001AB000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/trust/PublicKey
Source: Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A616A7000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 0000000D.00000002.2896983400.000002133DE58000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000012.00000002.3121137427.00000218BE379000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000014.00000002.3260005199.000002CB58499000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000015.00000002.3363994649.00000207000E9000.00000004.00000800.00020000.00000000.sdmp, SyncroLive.Service.Runner.exe, 0000001C.00000002.3604207409.0000023854862000.00000004.00000800.00020000.00000000.sdmp, SyncroLive.Agent.Runner.exe, 0000001D.00000002.3576854914.00000229001AB000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/trust/SymmetricKey
Source: Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A616A7000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 0000000D.00000002.2896983400.000002133DE58000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000012.00000002.3121137427.00000218BE379000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000014.00000002.3260005199.000002CB58499000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000015.00000002.3363994649.00000207000E9000.00000004.00000800.00020000.00000000.sdmp, SyncroLive.Service.Runner.exe, 0000001C.00000002.3604207409.0000023854862000.00000004.00000800.00020000.00000000.sdmp, SyncroLive.Agent.Runner.exe, 0000001D.00000002.3576854914.00000229001AB000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/06/addressingex
Source: Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A61461000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 0000000D.00000002.2896983400.000002133DD81000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000012.00000002.3121137427.00000218BE29E000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000014.00000002.3260005199.000002CB583BE000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000015.00000002.3363994649.000002070000E000.00000004.00000800.00020000.00000000.sdmp, SyncroLive.Service.Runner.exe, 0000001C.00000002.3604207409.0000023854781000.00000004.00000800.00020000.00000000.sdmp, SyncroLive.Agent.Runner.exe, 0000001D.00000002.3576854914.0000022900060000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing
Source: Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A61461000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 0000000D.00000002.2896983400.000002133DD81000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000012.00000002.3121137427.00000218BE29E000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000014.00000002.3260005199.000002CB583BE000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000015.00000002.3363994649.000002070000E000.00000004.00000800.00020000.00000000.sdmp, SyncroLive.Service.Runner.exe, 0000001C.00000002.3604207409.0000023854781000.00000004.00000800.00020000.00000000.sdmp, SyncroLive.Agent.Runner.exe, 0000001D.00000002.3576854914.0000022900060000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing/fault
Source: Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A61461000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 0000000D.00000002.2896983400.000002133DD81000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000012.00000002.3121137427.00000218BE29E000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000014.00000002.3260005199.000002CB583BE000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000015.00000002.3363994649.000002070000E000.00000004.00000800.00020000.00000000.sdmp, SyncroLive.Service.Runner.exe, 0000001C.00000002.3604207409.0000023854781000.00000004.00000800.00020000.00000000.sdmp, SyncroLive.Agent.Runner.exe, 0000001D.00000002.3576854914.0000022900060000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous
Source: Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A61461000.00000004.00000800.00020000.00000000.sdmp, SyncroLive.Service.Runner.exe, 0000001C.00000002.3604207409.0000023854781000.00000004.00000800.00020000.00000000.sdmp, SyncroLive.Agent.Runner.exe, 0000001D.00000002.3576854914.0000022900060000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/09/policy
Source: Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A61461000.00000004.00000800.00020000.00000000.sdmp, SyncroLive.Service.Runner.exe, 0000001C.00000002.3604207409.0000023854781000.00000004.00000800.00020000.00000000.sdmp, SyncroLive.Agent.Runner.exe, 0000001D.00000002.3576854914.0000022900060000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/09/transfer/Get
Source: Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A61461000.00000004.00000800.00020000.00000000.sdmp, SyncroLive.Service.Runner.exe, 0000001C.00000002.3604207409.0000023854781000.00000004.00000800.00020000.00000000.sdmp, SyncroLive.Agent.Runner.exe, 0000001D.00000002.3576854914.0000022900060000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/09/transfer/GetResponse
Source: Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A616A7000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 0000000D.00000002.2896983400.000002133DE58000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000012.00000002.3121137427.00000218BE379000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000014.00000002.3260005199.000002CB58499000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000015.00000002.3363994649.00000207000E9000.00000004.00000800.00020000.00000000.sdmp, SyncroLive.Service.Runner.exe, 0000001C.00000002.3604207409.0000023854862000.00000004.00000800.00020000.00000000.sdmp, SyncroLive.Agent.Runner.exe, 0000001D.00000002.3576854914.00000229001AB000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat
Source: Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A616A7000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 0000000D.00000002.2896983400.000002133DE58000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000012.00000002.3121137427.00000218BE379000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000014.00000002.3260005199.000002CB58499000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000015.00000002.3363994649.00000207000E9000.00000004.00000800.00020000.00000000.sdmp, SyncroLive.Service.Runner.exe, 0000001C.00000002.3604207409.0000023854862000.00000004.00000800.00020000.00000000.sdmp, SyncroLive.Agent.Runner.exe, 0000001D.00000002.3576854914.00000229001AB000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Aborted
Source: Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A616A7000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 0000000D.00000002.2896983400.000002133DE58000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000012.00000002.3121137427.00000218BE379000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000014.00000002.3260005199.000002CB58499000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000015.00000002.3363994649.00000207000E9000.00000004.00000800.00020000.00000000.sdmp, SyncroLive.Service.Runner.exe, 0000001C.00000002.3604207409.0000023854862000.00000004.00000800.00020000.00000000.sdmp, SyncroLive.Agent.Runner.exe, 0000001D.00000002.3576854914.00000229001AB000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Commit
Source: Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A616A7000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 0000000D.00000002.2896983400.000002133DE58000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000012.00000002.3121137427.00000218BE379000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000014.00000002.3260005199.000002CB58499000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000015.00000002.3363994649.00000207000E9000.00000004.00000800.00020000.00000000.sdmp, SyncroLive.Service.Runner.exe, 0000001C.00000002.3604207409.0000023854862000.00000004.00000800.00020000.00000000.sdmp, SyncroLive.Agent.Runner.exe, 0000001D.00000002.3576854914.00000229001AB000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Committed
Source: Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A616A7000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 0000000D.00000002.2896983400.000002133DE58000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000012.00000002.3121137427.00000218BE379000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000014.00000002.3260005199.000002CB58499000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000015.00000002.3363994649.00000207000E9000.00000004.00000800.00020000.00000000.sdmp, SyncroLive.Service.Runner.exe, 0000001C.00000002.3604207409.0000023854862000.00000004.00000800.00020000.00000000.sdmp, SyncroLive.Agent.Runner.exe, 0000001D.00000002.3576854914.00000229001AB000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Completion
Source: Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A616A7000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 0000000D.00000002.2896983400.000002133DE58000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000012.00000002.3121137427.00000218BE379000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000014.00000002.3260005199.000002CB58499000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000015.00000002.3363994649.00000207000E9000.00000004.00000800.00020000.00000000.sdmp, SyncroLive.Service.Runner.exe, 0000001C.00000002.3604207409.0000023854862000.00000004.00000800.00020000.00000000.sdmp, SyncroLive.Agent.Runner.exe, 0000001D.00000002.3576854914.00000229001AB000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Durable2PC
Source: Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A616A7000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 0000000D.00000002.2896983400.000002133DE58000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000012.00000002.3121137427.00000218BE379000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000014.00000002.3260005199.000002CB58499000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000015.00000002.3363994649.00000207000E9000.00000004.00000800.00020000.00000000.sdmp, SyncroLive.Service.Runner.exe, 0000001C.00000002.3604207409.0000023854862000.00000004.00000800.00020000.00000000.sdmp, SyncroLive.Agent.Runner.exe, 0000001D.00000002.3576854914.00000229001AB000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Prepare
Source: Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A616A7000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 0000000D.00000002.2896983400.000002133DE58000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000012.00000002.3121137427.00000218BE379000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000014.00000002.3260005199.000002CB58499000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000015.00000002.3363994649.00000207000E9000.00000004.00000800.00020000.00000000.sdmp, SyncroLive.Service.Runner.exe, 0000001C.00000002.3604207409.0000023854862000.00000004.00000800.00020000.00000000.sdmp, SyncroLive.Agent.Runner.exe, 0000001D.00000002.3576854914.00000229001AB000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Prepared
Source: Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A616A7000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 0000000D.00000002.2896983400.000002133DE58000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000012.00000002.3121137427.00000218BE379000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000014.00000002.3260005199.000002CB58499000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000015.00000002.3363994649.00000207000E9000.00000004.00000800.00020000.00000000.sdmp, SyncroLive.Service.Runner.exe, 0000001C.00000002.3604207409.0000023854862000.00000004.00000800.00020000.00000000.sdmp, SyncroLive.Agent.Runner.exe, 0000001D.00000002.3576854914.00000229001AB000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/ReadOnly
Source: Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A616A7000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 0000000D.00000002.2896983400.000002133DE58000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000012.00000002.3121137427.00000218BE379000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000014.00000002.3260005199.000002CB58499000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000015.00000002.3363994649.00000207000E9000.00000004.00000800.00020000.00000000.sdmp, SyncroLive.Service.Runner.exe, 0000001C.00000002.3604207409.0000023854862000.00000004.00000800.00020000.00000000.sdmp, SyncroLive.Agent.Runner.exe, 0000001D.00000002.3576854914.00000229001AB000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Replay
Source: Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A616A7000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 0000000D.00000002.2896983400.000002133DE58000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000012.00000002.3121137427.00000218BE379000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000014.00000002.3260005199.000002CB58499000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000015.00000002.3363994649.00000207000E9000.00000004.00000800.00020000.00000000.sdmp, SyncroLive.Service.Runner.exe, 0000001C.00000002.3604207409.0000023854862000.00000004.00000800.00020000.00000000.sdmp, SyncroLive.Agent.Runner.exe, 0000001D.00000002.3576854914.00000229001AB000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Rollback
Source: Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A616A7000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 0000000D.00000002.2896983400.000002133DE58000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000012.00000002.3121137427.00000218BE379000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000014.00000002.3260005199.000002CB58499000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000015.00000002.3363994649.00000207000E9000.00000004.00000800.00020000.00000000.sdmp, SyncroLive.Service.Runner.exe, 0000001C.00000002.3604207409.0000023854862000.00000004.00000800.00020000.00000000.sdmp, SyncroLive.Agent.Runner.exe, 0000001D.00000002.3576854914.00000229001AB000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Volatile2PC
Source: Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A616A7000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 0000000D.00000002.2896983400.000002133DE58000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000012.00000002.3121137427.00000218BE379000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000014.00000002.3260005199.000002CB58499000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000015.00000002.3363994649.00000207000E9000.00000004.00000800.00020000.00000000.sdmp, SyncroLive.Service.Runner.exe, 0000001C.00000002.3604207409.0000023854862000.00000004.00000800.00020000.00000000.sdmp, SyncroLive.Agent.Runner.exe, 0000001D.00000002.3576854914.00000229001AB000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/fault
Source: Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A616A7000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 0000000D.00000002.2896983400.000002133DE58000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000012.00000002.3121137427.00000218BE379000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000014.00000002.3260005199.000002CB58499000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000015.00000002.3363994649.00000207000E9000.00000004.00000800.00020000.00000000.sdmp, SyncroLive.Service.Runner.exe, 0000001C.00000002.3604207409.0000023854862000.00000004.00000800.00020000.00000000.sdmp, SyncroLive.Agent.Runner.exe, 0000001D.00000002.3576854914.00000229001AB000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor
Source: Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A616A7000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 0000000D.00000002.2896983400.000002133DE58000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000012.00000002.3121137427.00000218BE379000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000014.00000002.3260005199.000002CB58499000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000015.00000002.3363994649.00000207000E9000.00000004.00000800.00020000.00000000.sdmp, SyncroLive.Service.Runner.exe, 0000001C.00000002.3604207409.0000023854862000.00000004.00000800.00020000.00000000.sdmp, SyncroLive.Agent.Runner.exe, 0000001D.00000002.3576854914.00000229001AB000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/CreateCoordinationContext
Source: Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A616A7000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 0000000D.00000002.2896983400.000002133DE58000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000012.00000002.3121137427.00000218BE379000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000014.00000002.3260005199.000002CB58499000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000015.00000002.3363994649.00000207000E9000.00000004.00000800.00020000.00000000.sdmp, SyncroLive.Service.Runner.exe, 0000001C.00000002.3604207409.0000023854862000.00000004.00000800.00020000.00000000.sdmp, SyncroLive.Agent.Runner.exe, 0000001D.00000002.3576854914.00000229001AB000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/CreateCoordinationContextResponse
Source: Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A616A7000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 0000000D.00000002.2896983400.000002133DE58000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000012.00000002.3121137427.00000218BE379000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000014.00000002.3260005199.000002CB58499000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000015.00000002.3363994649.00000207000E9000.00000004.00000800.00020000.00000000.sdmp, SyncroLive.Service.Runner.exe, 0000001C.00000002.3604207409.0000023854862000.00000004.00000800.00020000.00000000.sdmp, SyncroLive.Agent.Runner.exe, 0000001D.00000002.3576854914.00000229001AB000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/Register
Source: Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A616A7000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 0000000D.00000002.2896983400.000002133DE58000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000012.00000002.3121137427.00000218BE379000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000014.00000002.3260005199.000002CB58499000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000015.00000002.3363994649.00000207000E9000.00000004.00000800.00020000.00000000.sdmp, SyncroLive.Service.Runner.exe, 0000001C.00000002.3604207409.0000023854862000.00000004.00000800.00020000.00000000.sdmp, SyncroLive.Agent.Runner.exe, 0000001D.00000002.3576854914.00000229001AB000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/RegisterResponse
Source: Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A616A7000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 0000000D.00000002.2896983400.000002133DE58000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000012.00000002.3121137427.00000218BE379000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000014.00000002.3260005199.000002CB58499000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000015.00000002.3363994649.00000207000E9000.00000004.00000800.00020000.00000000.sdmp, SyncroLive.Service.Runner.exe, 0000001C.00000002.3604207409.0000023854862000.00000004.00000800.00020000.00000000.sdmp, SyncroLive.Agent.Runner.exe, 0000001D.00000002.3576854914.00000229001AB000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/fault
Source: Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A616A7000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 0000000D.00000002.2896983400.000002133DE58000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000012.00000002.3121137427.00000218BE379000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000014.00000002.3260005199.000002CB58499000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000015.00000002.3363994649.00000207000E9000.00000004.00000800.00020000.00000000.sdmp, SyncroLive.Service.Runner.exe, 0000001C.00000002.3604207409.0000023854862000.00000004.00000800.00020000.00000000.sdmp, SyncroLive.Agent.Runner.exe, 0000001D.00000002.3576854914.00000229001AB000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm
Source: Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A616A7000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 0000000D.00000002.2896983400.000002133DE58000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000012.00000002.3121137427.00000218BE379000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000014.00000002.3260005199.000002CB58499000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000015.00000002.3363994649.00000207000E9000.00000004.00000800.00020000.00000000.sdmp, SyncroLive.Service.Runner.exe, 0000001C.00000002.3604207409.0000023854862000.00000004.00000800.00020000.00000000.sdmp, SyncroLive.Agent.Runner.exe, 0000001D.00000002.3576854914.00000229001AB000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/AckRequested
Source: Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A616A7000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 0000000D.00000002.2896983400.000002133DE58000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000012.00000002.3121137427.00000218BE379000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000014.00000002.3260005199.000002CB58499000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000015.00000002.3363994649.00000207000E9000.00000004.00000800.00020000.00000000.sdmp, SyncroLive.Service.Runner.exe, 0000001C.00000002.3604207409.0000023854862000.00000004.00000800.00020000.00000000.sdmp, SyncroLive.Agent.Runner.exe, 0000001D.00000002.3576854914.00000229001AB000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/CreateSequence
Source: Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A616A7000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 0000000D.00000002.2896983400.000002133DE58000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000012.00000002.3121137427.00000218BE379000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000014.00000002.3260005199.000002CB58499000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000015.00000002.3363994649.00000207000E9000.00000004.00000800.00020000.00000000.sdmp, SyncroLive.Service.Runner.exe, 0000001C.00000002.3604207409.0000023854862000.00000004.00000800.00020000.00000000.sdmp, SyncroLive.Agent.Runner.exe, 0000001D.00000002.3576854914.00000229001AB000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/CreateSequenceResponse
Source: Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A616A7000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 0000000D.00000002.2896983400.000002133DE58000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000012.00000002.3121137427.00000218BE379000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000014.00000002.3260005199.000002CB58499000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000015.00000002.3363994649.00000207000E9000.00000004.00000800.00020000.00000000.sdmp, SyncroLive.Service.Runner.exe, 0000001C.00000002.3604207409.0000023854862000.00000004.00000800.00020000.00000000.sdmp, SyncroLive.Agent.Runner.exe, 0000001D.00000002.3576854914.00000229001AB000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/LastMessage
Source: Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A616A7000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 0000000D.00000002.2896983400.000002133DE58000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000012.00000002.3121137427.00000218BE379000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000014.00000002.3260005199.000002CB58499000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000015.00000002.3363994649.00000207000E9000.00000004.00000800.00020000.00000000.sdmp, SyncroLive.Service.Runner.exe, 0000001C.00000002.3604207409.0000023854862000.00000004.00000800.00020000.00000000.sdmp, SyncroLive.Agent.Runner.exe, 0000001D.00000002.3576854914.00000229001AB000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/SequenceAcknowledgement
Source: Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A616A7000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 0000000D.00000002.2896983400.000002133DE58000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000012.00000002.3121137427.00000218BE379000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000014.00000002.3260005199.000002CB58499000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000015.00000002.3363994649.00000207000E9000.00000004.00000800.00020000.00000000.sdmp, SyncroLive.Service.Runner.exe, 0000001C.00000002.3604207409.0000023854862000.00000004.00000800.00020000.00000000.sdmp, SyncroLive.Agent.Runner.exe, 0000001D.00000002.3576854914.00000229001AB000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/TerminateSequence
Source: Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A616A7000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 0000000D.00000002.2896983400.000002133DE58000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000012.00000002.3121137427.00000218BE379000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000014.00000002.3260005199.000002CB58499000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000015.00000002.3363994649.00000207000E9000.00000004.00000800.00020000.00000000.sdmp, SyncroLive.Service.Runner.exe, 0000001C.00000002.3604207409.0000023854862000.00000004.00000800.00020000.00000000.sdmp, SyncroLive.Agent.Runner.exe, 0000001D.00000002.3576854914.00000229001AB000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc
Source: Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A616A7000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 0000000D.00000002.2896983400.000002133DE58000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000012.00000002.3121137427.00000218BE379000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000014.00000002.3260005199.000002CB58499000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000015.00000002.3363994649.00000207000E9000.00000004.00000800.00020000.00000000.sdmp, SyncroLive.Service.Runner.exe, 0000001C.00000002.3604207409.0000023854862000.00000004.00000800.00020000.00000000.sdmp, SyncroLive.Agent.Runner.exe, 0000001D.00000002.3576854914.00000229001AB000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc/dk
Source: Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A616A7000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 0000000D.00000002.2896983400.000002133DE58000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000012.00000002.3121137427.00000218BE379000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000014.00000002.3260005199.000002CB58499000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000015.00000002.3363994649.00000207000E9000.00000004.00000800.00020000.00000000.sdmp, SyncroLive.Service.Runner.exe, 0000001C.00000002.3604207409.0000023854862000.00000004.00000800.00020000.00000000.sdmp, SyncroLive.Agent.Runner.exe, 0000001D.00000002.3576854914.00000229001AB000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc/dk/p_sha1
Source: Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A616A7000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 0000000D.00000002.2896983400.000002133DE58000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000012.00000002.3121137427.00000218BE379000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000014.00000002.3260005199.000002CB58499000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000015.00000002.3363994649.00000207000E9000.00000004.00000800.00020000.00000000.sdmp, SyncroLive.Service.Runner.exe, 0000001C.00000002.3604207409.0000023854862000.00000004.00000800.00020000.00000000.sdmp, SyncroLive.Agent.Runner.exe, 0000001D.00000002.3576854914.00000229001AB000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc/sct
Source: Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A616A7000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 0000000D.00000002.2896983400.000002133DE58000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000012.00000002.3121137427.00000218BE379000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000014.00000002.3260005199.000002CB58499000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000015.00000002.3363994649.00000207000E9000.00000004.00000800.00020000.00000000.sdmp, SyncroLive.Service.Runner.exe, 0000001C.00000002.3604207409.0000023854862000.00000004.00000800.00020000.00000000.sdmp, SyncroLive.Agent.Runner.exe, 0000001D.00000002.3576854914.00000229001AB000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust
Source: Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A616A7000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 0000000D.00000002.2896983400.000002133DE58000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000012.00000002.3121137427.00000218BE379000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000014.00000002.3260005199.000002CB58499000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000015.00000002.3363994649.00000207000E9000.00000004.00000800.00020000.00000000.sdmp, SyncroLive.Service.Runner.exe, 0000001C.00000002.3604207409.0000023854862000.00000004.00000800.00020000.00000000.sdmp, SyncroLive.Agent.Runner.exe, 0000001D.00000002.3576854914.00000229001AB000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust#BinarySecret
Source: Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A616A7000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 0000000D.00000002.2896983400.000002133DE58000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000012.00000002.3121137427.00000218BE379000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000014.00000002.3260005199.000002CB58499000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000015.00000002.3363994649.00000207000E9000.00000004.00000800.00020000.00000000.sdmp, SyncroLive.Service.Runner.exe, 0000001C.00000002.3604207409.0000023854862000.00000004.00000800.00020000.00000000.sdmp, SyncroLive.Agent.Runner.exe, 0000001D.00000002.3576854914.00000229001AB000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/CK/PSHA1
Source: Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A616A7000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 0000000D.00000002.2896983400.000002133DE58000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000012.00000002.3121137427.00000218BE379000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000014.00000002.3260005199.000002CB58499000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000015.00000002.3363994649.00000207000E9000.00000004.00000800.00020000.00000000.sdmp, SyncroLive.Service.Runner.exe, 0000001C.00000002.3604207409.0000023854862000.00000004.00000800.00020000.00000000.sdmp, SyncroLive.Agent.Runner.exe, 0000001D.00000002.3576854914.00000229001AB000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Cancel
Source: Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A616A7000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 0000000D.00000002.2896983400.000002133DE58000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000012.00000002.3121137427.00000218BE379000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000014.00000002.3260005199.000002CB58499000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000015.00000002.3363994649.00000207000E9000.00000004.00000800.00020000.00000000.sdmp, SyncroLive.Service.Runner.exe, 0000001C.00000002.3604207409.0000023854862000.00000004.00000800.00020000.00000000.sdmp, SyncroLive.Agent.Runner.exe, 0000001D.00000002.3576854914.00000229001AB000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Issue
Source: Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A616A7000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 0000000D.00000002.2896983400.000002133DE58000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000012.00000002.3121137427.00000218BE379000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000014.00000002.3260005199.000002CB58499000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000015.00000002.3363994649.00000207000E9000.00000004.00000800.00020000.00000000.sdmp, SyncroLive.Service.Runner.exe, 0000001C.00000002.3604207409.0000023854862000.00000004.00000800.00020000.00000000.sdmp, SyncroLive.Agent.Runner.exe, 0000001D.00000002.3576854914.00000229001AB000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Nonce
Source: Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A616A7000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 0000000D.00000002.2896983400.000002133DE58000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000012.00000002.3121137427.00000218BE379000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000014.00000002.3260005199.000002CB58499000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000015.00000002.3363994649.00000207000E9000.00000004.00000800.00020000.00000000.sdmp, SyncroLive.Service.Runner.exe, 0000001C.00000002.3604207409.0000023854862000.00000004.00000800.00020000.00000000.sdmp, SyncroLive.Agent.Runner.exe, 0000001D.00000002.3576854914.00000229001AB000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/PublicKey
Source: Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A616A7000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 0000000D.00000002.2896983400.000002133DE58000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000012.00000002.3121137427.00000218BE379000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000014.00000002.3260005199.000002CB58499000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000015.00000002.3363994649.00000207000E9000.00000004.00000800.00020000.00000000.sdmp, SyncroLive.Service.Runner.exe, 0000001C.00000002.3604207409.0000023854862000.00000004.00000800.00020000.00000000.sdmp, SyncroLive.Agent.Runner.exe, 0000001D.00000002.3576854914.00000229001AB000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue
Source: Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A616A7000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 0000000D.00000002.2896983400.000002133DE58000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000012.00000002.3121137427.00000218BE379000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000014.00000002.3260005199.000002CB58499000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000015.00000002.3363994649.00000207000E9000.00000004.00000800.00020000.00000000.sdmp, SyncroLive.Service.Runner.exe, 0000001C.00000002.3604207409.0000023854862000.00000004.00000800.00020000.00000000.sdmp, SyncroLive.Agent.Runner.exe, 0000001D.00000002.3576854914.00000229001AB000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT
Source: Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A616A7000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 0000000D.00000002.2896983400.000002133DE58000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000012.00000002.3121137427.00000218BE379000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000014.00000002.3260005199.000002CB58499000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000015.00000002.3363994649.00000207000E9000.00000004.00000800.00020000.00000000.sdmp, SyncroLive.Service.Runner.exe, 0000001C.00000002.3604207409.0000023854862000.00000004.00000800.00020000.00000000.sdmp, SyncroLive.Agent.Runner.exe, 0000001D.00000002.3576854914.00000229001AB000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT/Cancel
Source: Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A616A7000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 0000000D.00000002.2896983400.000002133DE58000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000012.00000002.3121137427.00000218BE379000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000014.00000002.3260005199.000002CB58499000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000015.00000002.3363994649.00000207000E9000.00000004.00000800.00020000.00000000.sdmp, SyncroLive.Service.Runner.exe, 0000001C.00000002.3604207409.0000023854862000.00000004.00000800.00020000.00000000.sdmp, SyncroLive.Agent.Runner.exe, 0000001D.00000002.3576854914.00000229001AB000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT/Renew
Source: Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A616A7000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 0000000D.00000002.2896983400.000002133DE58000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000012.00000002.3121137427.00000218BE379000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000014.00000002.3260005199.000002CB58499000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000015.00000002.3363994649.00000207000E9000.00000004.00000800.00020000.00000000.sdmp, SyncroLive.Service.Runner.exe, 0000001C.00000002.3604207409.0000023854862000.00000004.00000800.00020000.00000000.sdmp, SyncroLive.Agent.Runner.exe, 0000001D.00000002.3576854914.00000229001AB000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/Issue
Source: Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A616A7000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 0000000D.00000002.2896983400.000002133DE58000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000012.00000002.3121137427.00000218BE379000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000014.00000002.3260005199.000002CB58499000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000015.00000002.3363994649.00000207000E9000.00000004.00000800.00020000.00000000.sdmp, SyncroLive.Service.Runner.exe, 0000001C.00000002.3604207409.0000023854862000.00000004.00000800.00020000.00000000.sdmp, SyncroLive.Agent.Runner.exe, 0000001D.00000002.3576854914.00000229001AB000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT
Source: Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A616A7000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 0000000D.00000002.2896983400.000002133DE58000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000012.00000002.3121137427.00000218BE379000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000014.00000002.3260005199.000002CB58499000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000015.00000002.3363994649.00000207000E9000.00000004.00000800.00020000.00000000.sdmp, SyncroLive.Service.Runner.exe, 0000001C.00000002.3604207409.0000023854862000.00000004.00000800.00020000.00000000.sdmp, SyncroLive.Agent.Runner.exe, 0000001D.00000002.3576854914.00000229001AB000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/Cancel
Source: Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A616A7000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 0000000D.00000002.2896983400.000002133DE58000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000012.00000002.3121137427.00000218BE379000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000014.00000002.3260005199.000002CB58499000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000015.00000002.3363994649.00000207000E9000.00000004.00000800.00020000.00000000.sdmp, SyncroLive.Service.Runner.exe, 0000001C.00000002.3604207409.0000023854862000.00000004.00000800.00020000.00000000.sdmp, SyncroLive.Agent.Runner.exe, 0000001D.00000002.3576854914.00000229001AB000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/Renew
Source: Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A616A7000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 0000000D.00000002.2896983400.000002133DE58000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000012.00000002.3121137427.00000218BE379000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000014.00000002.3260005199.000002CB58499000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000015.00000002.3363994649.00000207000E9000.00000004.00000800.00020000.00000000.sdmp, SyncroLive.Service.Runner.exe, 0000001C.00000002.3604207409.0000023854862000.00000004.00000800.00020000.00000000.sdmp, SyncroLive.Agent.Runner.exe, 0000001D.00000002.3576854914.00000229001AB000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Renew
Source: Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A616A7000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 0000000D.00000002.2896983400.000002133DE58000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000012.00000002.3121137427.00000218BE379000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000014.00000002.3260005199.000002CB58499000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000015.00000002.3363994649.00000207000E9000.00000004.00000800.00020000.00000000.sdmp, SyncroLive.Service.Runner.exe, 0000001C.00000002.3604207409.0000023854862000.00000004.00000800.00020000.00000000.sdmp, SyncroLive.Agent.Runner.exe, 0000001D.00000002.3576854914.00000229001AB000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/SymmetricKey
Source: Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A616A7000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 0000000D.00000002.2896983400.000002133DE58000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000012.00000002.3121137427.00000218BE379000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000014.00000002.3260005199.000002CB58499000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000015.00000002.3363994649.00000207000E9000.00000004.00000800.00020000.00000000.sdmp, SyncroLive.Service.Runner.exe, 0000001C.00000002.3604207409.0000023854862000.00000004.00000800.00020000.00000000.sdmp, SyncroLive.Agent.Runner.exe, 0000001D.00000002.3576854914.00000229001AB000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/spnego
Source: Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A616A7000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 0000000D.00000002.2896983400.000002133DE58000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000012.00000002.3121137427.00000218BE379000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000014.00000002.3260005199.000002CB58499000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000015.00000002.3363994649.00000207000E9000.00000004.00000800.00020000.00000000.sdmp, SyncroLive.Service.Runner.exe, 0000001C.00000002.3604207409.0000023854862000.00000004.00000800.00020000.00000000.sdmp, SyncroLive.Agent.Runner.exe, 0000001D.00000002.3576854914.00000229001AB000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/tlsnego
Source: Syncro.App.Runner.exe, 0000000D.00000002.2896983400.000002133DE58000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000012.00000002.3121137427.00000218BE36B000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000014.00000002.3260005199.000002CB5848B000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000015.00000002.3363994649.00000207000DB000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/dns
Source: SyncroLive.Agent.Runner.exe, 0000001D.00000002.3576854914.00000229001A0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/dnsh
Source: Syncro.Installer.exe, 00000002.00000002.2309646185.0000021C00001000.00000004.00000800.00020000.00000000.sdmp, Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A61653000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 0000000D.00000002.2896983400.000002133DE58000.00000004.00000800.00020000.00000000.sdmp, Syncro.Overmind.Service.exe, 0000000E.00000002.2464315427.0000017206661000.00000004.00000800.00020000.00000000.sdmp, Syncro.Overmind.Service.exe, 00000011.00000002.3594084272.0000023C0F231000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000012.00000002.3121137427.00000218BE36B000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000014.00000002.3260005199.000002CB5848B000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000015.00000002.3363994649.00000207000DB000.00000004.00000800.00020000.00000000.sdmp, SyncroLive.Service.Runner.exe, 0000001C.00000002.3604207409.0000023854848000.00000004.00000800.00020000.00000000.sdmp, SyncroLive.Agent.Runner.exe, 0000001D.00000002.3576854914.000002290015C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A61653000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 0000000D.00000002.2896983400.000002133DE58000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000012.00000002.3121137427.00000218BE36B000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000014.00000002.3260005199.000002CB5848B000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000015.00000002.3363994649.00000207000DB000.00000004.00000800.00020000.00000000.sdmp, SyncroLive.Service.Runner.exe, 0000001C.00000002.3604207409.0000023854848000.00000004.00000800.00020000.00000000.sdmp, SyncroLive.Agent.Runner.exe, 0000001D.00000002.3576854914.000002290015C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/spn
Source: Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A616A7000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 0000000D.00000002.2896983400.000002133DE58000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000012.00000002.3121137427.00000218BE36B000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000014.00000002.3260005199.000002CB5848B000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000015.00000002.3363994649.00000207000DB000.00000004.00000800.00020000.00000000.sdmp, SyncroLive.Service.Runner.exe, 0000001C.00000002.3604207409.0000023854848000.00000004.00000800.00020000.00000000.sdmp, SyncroLive.Agent.Runner.exe, 0000001D.00000002.3576854914.00000229001A0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/system
Source: Syncro.App.Runner.exe, 00000012.00000002.3121137427.00000218BE36B000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000015.00000002.3363994649.00000207000DB000.00000004.00000800.00020000.00000000.sdmp, SyncroLive.Agent.Runner.exe, 0000001D.00000002.3576854914.00000229001A0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn
Source: Syncro.App.Runner.exe, 00000014.00000002.3260005199.000002CB5848B000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upnempu0s
Source: Syncro.App.Runner.exe, 0000000D.00000002.2896983400.000002133DE58000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upnpL$
Source: Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A616A7000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000012.00000002.3121137427.00000218BE36B000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000014.00000002.3260005199.000002CB5848B000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000015.00000002.3363994649.00000207000DB000.00000004.00000800.00020000.00000000.sdmp, SyncroLive.Service.Runner.exe, 0000001C.00000002.3604207409.0000023854848000.00000004.00000800.00020000.00000000.sdmp, SyncroLive.Agent.Runner.exe, 0000001D.00000002.3576854914.00000229001A0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/right/identity
Source: Syncro.App.Runner.exe, 0000000D.00000002.2896983400.000002133DE58000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/right/identityX
Source: Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A61653000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 0000000D.00000002.2896983400.000002133DE58000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000012.00000002.3121137427.00000218BE36B000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000014.00000002.3260005199.000002CB5848B000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000015.00000002.3363994649.00000207000DB000.00000004.00000800.00020000.00000000.sdmp, SyncroLive.Service.Runner.exe, 0000001C.00000002.3604207409.0000023854848000.00000004.00000800.00020000.00000000.sdmp, SyncroLive.Agent.Runner.exe, 0000001D.00000002.3576854914.000002290015C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/right/possessproperty
Source: Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A616A7000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 0000000D.00000002.2896983400.000002133DE58000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000012.00000002.3121137427.00000218BE36B000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000014.00000002.3260005199.000002CB5848B000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000015.00000002.3363994649.00000207000DB000.00000004.00000800.00020000.00000000.sdmp, SyncroLive.Service.Runner.exe, 0000001C.00000002.3604207409.0000023854862000.00000004.00000800.00020000.00000000.sdmp, SyncroLive.Agent.Runner.exe, 0000001D.00000002.3576854914.00000229001A0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://schemas.xmlsoap.org/ws/2006/02/addressingidentity
Source: Syncro.Installer.exe, 00000002.00000002.2309646185.0000021C00237000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://storage.googleapis.com
Source: Syncro.Installer.exe, 00000002.00000002.2309646185.0000021C0048A000.00000004.00000800.00020000.00000000.sdmp, Syncro.Installer.exe, 00000002.00000002.2326708476.0000021C770F0000.00000004.08000000.00040000.00000000.sdmp, Syncro.Service.Runner.exe, 00000009.00000002.3494544518.0000022A7A682000.00000002.00000001.01000000.0000003D.sdmp, Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A616A7000.00000004.00000800.00020000.00000000.sdmp, Syncro.Overmind.Service.exe, 00000011.00000002.3594084272.0000023C0F231000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://temp.com
Source: Syncro.Installer.exe, 00000002.00000002.2309646185.0000021C0048A000.00000004.00000800.00020000.00000000.sdmp, Syncro.Installer.exe, 00000002.00000002.2326708476.0000021C770F0000.00000004.08000000.00040000.00000000.sdmp, Syncro.Service.Runner.exe, 00000009.00000002.3494544518.0000022A7A682000.00000002.00000001.01000000.0000003D.sdmp, Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A616A7000.00000004.00000800.00020000.00000000.sdmp, Syncro.Overmind.Service.exe, 00000011.00000002.3594084272.0000023C0F231000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://temp.com/
Source: Syncro.Installer.exe, 00000002.00000002.2309646185.0000021C0010A000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://temp.com/p
Source: Syncro.App.Runner.exe, 00000015.00000002.3363994649.00000207001C4000.00000004.00000800.00020000.00000000.sdmp, SyncroLive.Service.Runner.exe, 0000001C.00000002.3604207409.0000023854781000.00000004.00000800.00020000.00000000.sdmp, SyncroLive.Service.Runner.exe, 0000001C.00000002.3604207409.0000023854862000.00000004.00000800.00020000.00000000.sdmp, SyncroLive.Agent.Runner.exe, 0000001D.00000002.3576854914.00000229001AB000.00000004.00000800.00020000.00000000.sdmp, SyncroLive.Agent.Runner.exe, 0000001D.00000002.3576854914.0000022900060000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://tempuri.org/
Source: SyncroLive.Service.Runner.exe, 0000001C.00000002.3604207409.0000023854862000.00000004.00000800.00020000.00000000.sdmp, SyncroLive.Agent.Runner.exe, 0000001D.00000002.3576854914.00000229001AB000.00000004.00000800.00020000.00000000.sdmp, SyncroLive.Agent.Runner.exe, 0000001D.00000002.3576854914.00000229001A0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://tempuri.org/$GetStoredScreenSharingSenderIdResultV
Source: Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A61653000.00000004.00000800.00020000.00000000.sdmp, Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A61461000.00000004.00000800.00020000.00000000.sdmp, SyncroLive.Service.Runner.exe, 0000001C.00000002.3604207409.0000023854781000.00000004.00000800.00020000.00000000.sdmp, SyncroLive.Agent.Runner.exe, 0000001D.00000002.3576854914.0000022900060000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://tempuri.org/:NetNamedPipeBinding
Source: SyncroLive.Agent.Runner.exe, 0000001D.00000002.3576854914.0000022900060000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://tempuri.org/IAgent/GetScreenSharingSenderId
Source: SyncroLive.Agent.Runner.exe, 0000001D.00000002.3576854914.0000022900060000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://tempuri.org/IAgent/GetScreenSharingSenderIdResponse
Source: SyncroLive.Agent.Runner.exe, 0000001D.00000002.3576854914.0000022900060000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://tempuri.org/IAgent/NotifySessionChange
Source: SyncroLive.Agent.Runner.exe, 0000001D.00000002.3576854914.0000022900060000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://tempuri.org/IAgent/Shutdown
Source: Syncro.App.Runner.exe, 0000000D.00000002.2896983400.000002133E312000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://tempuri.org/IMonitoring
Source: Syncro.App.Runner.exe, 00000015.00000002.3363994649.00000207001C4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://tempuri.org/IMonitoringService/
Source: Syncro.App.Runner.exe, 00000014.00000002.3260005199.000002CB58580000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://tempuri.org/IMonitoringService/0s
Source: Syncro.App.Runner.exe, 00000015.00000002.3363994649.0000020700371000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000015.00000002.3363994649.000002070034B000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000015.00000002.3363994649.00000207001C4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://tempuri.org/IMonitoringService/ApplicationShutdownRequired
Source: Syncro.App.Runner.exe, 0000000D.00000002.2896983400.000002133E312000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000012.00000002.3121137427.00000218BE379000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000014.00000002.3260005199.000002CB58580000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000015.00000002.3363994649.00000207001C4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://tempuri.org/IMonitoringService/ApplicationShutdownRequiredResponse
Source: Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A61461000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 0000000D.00000002.2896983400.000002133E312000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 0000000D.00000002.2896983400.000002133DE58000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000012.00000002.3121137427.00000218BE379000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000014.00000002.3260005199.000002CB58580000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000015.00000002.3363994649.00000207001C4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://tempuri.org/IMonitoringService/ClearSyncProgressStatus
Source: Syncro.App.Runner.exe, 0000000D.00000002.2896983400.000002133E312000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000012.00000002.3121137427.00000218BE379000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000014.00000002.3260005199.000002CB58580000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000015.00000002.3363994649.00000207001C4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://tempuri.org/IMonitoringService/ClearSyncProgressStatusResponse
Source: Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A61461000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 0000000D.00000002.2896983400.000002133E312000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 0000000D.00000002.2896983400.000002133DE58000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000012.00000002.3121137427.00000218BE379000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000014.00000002.3260005199.000002CB58580000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000015.00000002.3363994649.00000207001C4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://tempuri.org/IMonitoringService/ExecuteHiddenApp
Source: Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A61461000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 0000000D.00000002.2896983400.000002133E312000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 0000000D.00000002.2896983400.000002133DE58000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000012.00000002.3121137427.00000218BE379000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000014.00000002.3260005199.000002CB58580000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000015.00000002.3363994649.00000207001C4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://tempuri.org/IMonitoringService/ExecuteHiddenAppResponse
Source: Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A61461000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 0000000D.00000002.2896983400.000002133E312000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 0000000D.00000002.2896983400.000002133DE58000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000012.00000002.3121137427.00000218BE379000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000014.00000002.3260005199.000002CB58580000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000015.00000002.3363994649.00000207001C4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://tempuri.org/IMonitoringService/ExecutePowerShellScript
Source: Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A61461000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 0000000D.00000002.2896983400.000002133E312000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 0000000D.00000002.2896983400.000002133DE58000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000012.00000002.3121137427.00000218BE379000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000014.00000002.3260005199.000002CB58580000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000015.00000002.3363994649.00000207001C4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://tempuri.org/IMonitoringService/ExecutePowerShellScriptResponse
Source: Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A61461000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 0000000D.00000002.2896983400.000002133E312000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 0000000D.00000002.2896983400.000002133DE58000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000012.00000002.3121137427.00000218BE379000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000014.00000002.3260005199.000002CB58580000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000015.00000002.3363994649.00000207001C4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://tempuri.org/IMonitoringService/FirstSyncShow
Source: Syncro.App.Runner.exe, 0000000D.00000002.2896983400.000002133E312000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000012.00000002.3121137427.00000218BE379000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000014.00000002.3260005199.000002CB58580000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000015.00000002.3363994649.00000207001C4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://tempuri.org/IMonitoringService/FirstSyncShowResponse
Source: Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A61461000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 0000000D.00000002.2896983400.000002133E312000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 0000000D.00000002.2896983400.000002133DE58000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000012.00000002.3121137427.00000218BE379000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000014.00000002.3260005199.000002CB58580000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000015.00000002.3363994649.00000207001C4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://tempuri.org/IMonitoringService/GenerateChatAlert
Source: Syncro.App.Runner.exe, 0000000D.00000002.2896983400.000002133E312000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000012.00000002.3121137427.00000218BE379000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000014.00000002.3260005199.000002CB58580000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000015.00000002.3363994649.00000207001C4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://tempuri.org/IMonitoringService/GenerateChatAlertResponse
Source: Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A61461000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 0000000D.00000002.2896983400.000002133E312000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 0000000D.00000002.2896983400.000002133DE58000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000012.00000002.3121137427.00000218BE379000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000014.00000002.3260005199.000002CB58580000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000015.00000002.3363994649.00000207001C4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://tempuri.org/IMonitoringService/GetThumbnailBytes
Source: Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A61461000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 0000000D.00000002.2896983400.000002133E312000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 0000000D.00000002.2896983400.000002133DE58000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000012.00000002.3121137427.00000218BE379000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000014.00000002.3260005199.000002CB58580000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000015.00000002.3363994649.00000207001C4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://tempuri.org/IMonitoringService/GetThumbnailBytesResponse
Source: Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A61B6D000.00000004.00000800.00020000.00000000.sdmp, Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A61461000.00000004.00000800.00020000.00000000.sdmp, Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A61ACF000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 0000000D.00000002.2896983400.000002133DF97000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 0000000D.00000002.2896983400.000002133E312000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 0000000D.00000002.2896983400.000002133DE58000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000012.00000002.3121137427.00000218BE4E0000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000012.00000002.3121137427.00000218BE379000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000014.00000002.3260005199.000002CB58602000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000014.00000002.3260005199.000002CB58580000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000015.00000002.3363994649.0000020700251000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000015.00000002.3363994649.00000207001C4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://tempuri.org/IMonitoringService/Ping
Source: Syncro.App.Runner.exe, 00000015.00000002.3363994649.0000020700258000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000015.00000002.3363994649.00000207001C4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://tempuri.org/IMonitoringService/PingResponse
Source: Syncro.App.Runner.exe, 00000015.00000002.3363994649.000002070034B000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000015.00000002.3363994649.00000207001C4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://tempuri.org/IMonitoringService/SetSyncProgressStatus
Source: Syncro.App.Runner.exe, 0000000D.00000002.2896983400.000002133E312000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000012.00000002.3121137427.00000218BE379000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000014.00000002.3260005199.000002CB58580000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000015.00000002.3363994649.00000207001C4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://tempuri.org/IMonitoringService/SetSyncProgressStatusResponse
Source: Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A61461000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 0000000D.00000002.2896983400.000002133E312000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 0000000D.00000002.2896983400.000002133DE58000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000012.00000002.3121137427.00000218BE379000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000014.00000002.3260005199.000002CB58580000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000015.00000002.3363994649.00000207001C4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://tempuri.org/IMonitoringService/ShowMessage
Source: Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A61461000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 0000000D.00000002.2896983400.000002133E312000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 0000000D.00000002.2896983400.000002133DE58000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000012.00000002.3121137427.00000218BE379000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000014.00000002.3260005199.000002CB58580000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000015.00000002.3363994649.00000207001C4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://tempuri.org/IMonitoringService/ShowMessageResponse
Source: Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A61461000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 0000000D.00000002.2896983400.000002133E312000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 0000000D.00000002.2896983400.000002133DE58000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000012.00000002.3121137427.00000218BE379000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000014.00000002.3260005199.000002CB58580000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000015.00000002.3363994649.00000207001C4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://tempuri.org/IMonitoringService/ShowPrompt
Source: Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A61461000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 0000000D.00000002.2896983400.000002133E312000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 0000000D.00000002.2896983400.000002133DE58000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000012.00000002.3121137427.00000218BE379000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000014.00000002.3260005199.000002CB58580000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000015.00000002.3363994649.00000207001C4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://tempuri.org/IMonitoringService/ShowPromptResponse
Source: Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A61B7C000.00000004.00000800.00020000.00000000.sdmp, Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A61783000.00000004.00000800.00020000.00000000.sdmp, Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A61461000.00000004.00000800.00020000.00000000.sdmp, Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A61ACF000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 0000000D.00000002.2896983400.000002133E312000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000012.00000002.3121137427.00000218BE379000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000014.00000002.3260005199.000002CB58580000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000015.00000002.3363994649.00000207001C4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://tempuri.org/IMonitoringService/Subscribe
Source: Syncro.App.Runner.exe, 0000000D.00000002.2896983400.000002133DF97000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000012.00000002.3121137427.00000218BE4E0000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000014.00000002.3260005199.000002CB58602000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000015.00000002.3363994649.0000020700251000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://tempuri.org/IMonitoringService/Subscribe.net.pipe://localhost/Syncro.Service/Monitoring
Source: Syncro.App.Runner.exe, 0000000D.00000002.2896983400.000002133DE58000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://tempuri.org/IMonitoringService/Subscribe0h
Source: Syncro.App.Runner.exe, 0000000D.00000002.2896983400.000002133E312000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000012.00000002.3121137427.00000218BE379000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000014.00000002.3260005199.000002CB58580000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000015.00000002.3363994649.00000207001C4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://tempuri.org/IMonitoringService/SubscribeResponse
Source: Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A61461000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 0000000D.00000002.2896983400.000002133E312000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 0000000D.00000002.2896983400.000002133DE58000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000012.00000002.3121137427.00000218BE379000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000014.00000002.3260005199.000002CB58580000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000015.00000002.3363994649.00000207001C4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://tempuri.org/IMonitoringService/TriggerAlert
Source: Syncro.App.Runner.exe, 0000000D.00000002.2896983400.000002133E312000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000012.00000002.3121137427.00000218BE379000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000014.00000002.3260005199.000002CB58580000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000015.00000002.3363994649.00000207001C4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://tempuri.org/IMonitoringService/TriggerAlertResponse
Source: Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A61461000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 0000000D.00000002.2896983400.000002133DFA3000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 0000000D.00000002.2896983400.000002133E312000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 0000000D.00000002.2896983400.000002133DE58000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000012.00000002.3121137427.00000218BE5CB000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000012.00000002.3121137427.00000218BE379000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000014.00000002.3260005199.000002CB58580000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000014.00000002.3260005199.000002CB586FD000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000015.00000002.3363994649.000002070034B000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000015.00000002.3363994649.00000207001C4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://tempuri.org/IMonitoringService/UpdateShop
Source: Syncro.App.Runner.exe, 0000000D.00000002.2896983400.000002133E312000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000012.00000002.3121137427.00000218BE379000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000014.00000002.3260005199.000002CB58580000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000015.00000002.3363994649.00000207001C4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://tempuri.org/IMonitoringService/UpdateShopResponse
Source: Syncro.App.Runner.exe, 0000000D.00000002.2896983400.000002133E312000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://tempuri.org/IMonitoringh
Source: Syncro.App.Runner.exe, 0000000D.00000002.2896983400.000002133E312000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://tempuri.org/IMonitoringp
Source: SyncroLive.Service.Runner.exe, 0000001C.00000002.3604207409.0000023854781000.00000004.00000800.00020000.00000000.sdmp, SyncroLive.Agent.Runner.exe, 0000001D.00000002.3576854914.000002290015C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://tempuri.org/IService/EndSession
Source: SyncroLive.Service.Runner.exe, 0000001C.00000002.3604207409.0000023854862000.00000004.00000800.00020000.00000000.sdmp, SyncroLive.Service.Runner.exe, 0000001C.00000002.3604207409.0000023854848000.00000004.00000800.00020000.00000000.sdmp, SyncroLive.Agent.Runner.exe, 0000001D.00000002.3576854914.000002290015C000.00000004.00000800.00020000.00000000.sdmp, SyncroLive.Agent.Runner.exe, 0000001D.00000002.3576854914.00000229001A0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://tempuri.org/IService/GetStoredScreenSharingSenderId
Source: SyncroLive.Service.Runner.exe, 0000001C.00000002.3604207409.0000023854781000.00000004.00000800.00020000.00000000.sdmp, SyncroLive.Agent.Runner.exe, 0000001D.00000002.3576854914.00000229001AB000.00000004.00000800.00020000.00000000.sdmp, SyncroLive.Agent.Runner.exe, 0000001D.00000002.3576854914.000002290015C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://tempuri.org/IService/GetStoredScreenSharingSenderIdResponse
Source: SyncroLive.Service.Runner.exe, 0000001C.00000002.3604207409.0000023854862000.00000004.00000800.00020000.00000000.sdmp, SyncroLive.Agent.Runner.exe, 0000001D.00000002.3576854914.00000229001AB000.00000004.00000800.00020000.00000000.sdmp, SyncroLive.Agent.Runner.exe, 0000001D.00000002.3576854914.00000229001A0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://tempuri.org/IService/GetStoredScreenSharingSenderIdResponse&GetStoredScreenSharingSenderIdRes
Source: SyncroLive.Service.Runner.exe, 0000001C.00000002.3604207409.0000023854781000.00000004.00000800.00020000.00000000.sdmp, SyncroLive.Agent.Runner.exe, 0000001D.00000002.3576854914.000002290015C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://tempuri.org/IService/SendCtrlAltDel
Source: SyncroLive.Service.Runner.exe, 0000001C.00000002.3604207409.0000023854781000.00000004.00000800.00020000.00000000.sdmp, SyncroLive.Agent.Runner.exe, 0000001D.00000002.3576854914.000002290015C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://tempuri.org/IService/SetScreenSharingSenderId
Source: SyncroLive.Service.Runner.exe, 0000001C.00000002.3604207409.0000023854781000.00000004.00000800.00020000.00000000.sdmp, SyncroLive.Agent.Runner.exe, 0000001D.00000002.3576854914.000002290015C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://tempuri.org/IService/StartScreenSharingInTargetSession
Source: SyncroLive.Service.Runner.exe, 0000001C.00000002.3604207409.0000023854781000.00000004.00000800.00020000.00000000.sdmp, SyncroLive.Agent.Runner.exe, 0000001D.00000002.3576854914.000002290015C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://tempuri.org/IService/StartScreenSharingInTargetSessionResponse
Source: Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A61B6D000.00000004.00000800.00020000.00000000.sdmp, Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A61A7B000.00000004.00000800.00020000.00000000.sdmp, Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A616A7000.00000004.00000800.00020000.00000000.sdmp, Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A61653000.00000004.00000800.00020000.00000000.sdmp, Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A61ACF000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 0000000D.00000002.2896983400.000002133DFCF000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000012.00000002.3121137427.00000218BE29E000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000012.00000002.3121137427.00000218BE5CB000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000014.00000002.3260005199.000002CB58632000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000014.00000002.3260005199.000002CB583BE000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000015.00000002.3363994649.0000020700281000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000015.00000002.3363994649.000002070000E000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://tempuri.org/IUserRequestService/GetLastAppCrashAnalysis
Source: Syncro.App.Runner.exe, 0000000D.00000002.2896983400.000002133DD81000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://tempuri.org/IUserRequestService/GetLastAppCrashAnalysis0h
Source: Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A61783000.00000004.00000800.00020000.00000000.sdmp, Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A61653000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 0000000D.00000002.2896983400.000002133DD81000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 0000000D.00000002.2896983400.000002133DE58000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 0000000D.00000002.2896983400.000002133DFCF000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000012.00000002.3121137427.00000218BE29E000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000012.00000002.3121137427.00000218BE5CB000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000014.00000002.3260005199.000002CB58632000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000014.00000002.3260005199.000002CB583BE000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000015.00000002.3363994649.0000020700281000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000015.00000002.3363994649.000002070000E000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://tempuri.org/IUserRequestService/GetLastAppCrashAnalysisResponse
Source: Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A61BEB000.00000004.00000800.00020000.00000000.sdmp, Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A61B7C000.00000004.00000800.00020000.00000000.sdmp, Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A617A4000.00000004.00000800.00020000.00000000.sdmp, Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A617F6000.00000004.00000800.00020000.00000000.sdmp, Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A61B6D000.00000004.00000800.00020000.00000000.sdmp, Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A61ACF000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000012.00000002.3121137427.00000218BE36B000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000012.00000002.3121137427.00000218BE5CB000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000012.00000002.3121137427.00000218BE379000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000014.00000002.3260005199.000002CB58499000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000014.00000002.3260005199.000002CB5848B000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000014.00000002.3260005199.000002CB58632000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000015.00000002.3363994649.00000207000E9000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000015.00000002.3363994649.0000020700281000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000015.00000002.3363994649.00000207000DB000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://tempuri.org/IUserRequestService/GetLastAppCrashAnalysisResponseD
Source: Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A61653000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 0000000D.00000002.2896983400.000002133DD81000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000012.00000002.3121137427.00000218BE29E000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000014.00000002.3260005199.000002CB583BE000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000015.00000002.3363994649.000002070000E000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://tempuri.org/IUserRequestService/InternalCommand
Source: Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A61653000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 0000000D.00000002.2896983400.000002133DD81000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000012.00000002.3121137427.00000218BE29E000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000014.00000002.3260005199.000002CB583BE000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000015.00000002.3363994649.000002070000E000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://tempuri.org/IUserRequestService/InternalCommandResponse
Source: Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A61653000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 0000000D.00000002.2896983400.000002133DD81000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000012.00000002.3121137427.00000218BE29E000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000014.00000002.3260005199.000002CB583BE000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000015.00000002.3363994649.000002070000E000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://tempuri.org/IUserRequestService/RunRemoteApplication
Source: Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A61653000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 0000000D.00000002.2896983400.000002133DD81000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000012.00000002.3121137427.00000218BE29E000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000014.00000002.3260005199.000002CB583BE000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000015.00000002.3363994649.000002070000E000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://tempuri.org/IUserRequestService/RunRemoteApplicationResponse
Source: Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A61653000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000012.00000002.3121137427.00000218BE29E000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000014.00000002.3260005199.000002CB583BE000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://tempuri.org/IUserRequestService/SendMessage
Source: Syncro.App.Runner.exe, 0000000D.00000002.2896983400.000002133DD81000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://tempuri.org/IUserRequestService/SendMessage0h
Source: Syncro.App.Runner.exe, 00000015.00000002.3363994649.000002070000E000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://tempuri.org/IUserRequestService/SendMessage2403
Source: Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A61653000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 0000000D.00000002.2896983400.000002133DD81000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000012.00000002.3121137427.00000218BE29E000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000014.00000002.3260005199.000002CB583BE000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000015.00000002.3363994649.000002070000E000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://tempuri.org/IUserRequestService/SendMessageResponse
Source: Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A61653000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 0000000D.00000002.2896983400.000002133DD81000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000012.00000002.3121137427.00000218BE29E000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000014.00000002.3260005199.000002CB583BE000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000015.00000002.3363994649.000002070000E000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://tempuri.org/IUserRequestService/SendScreenshot
Source: Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A61653000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 0000000D.00000002.2896983400.000002133DD81000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000012.00000002.3121137427.00000218BE29E000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000014.00000002.3260005199.000002CB583BE000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000015.00000002.3363994649.000002070000E000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://tempuri.org/IUserRequestService/SendScreenshotResponse
Source: Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A61653000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 0000000D.00000002.2896983400.000002133DD81000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000012.00000002.3121137427.00000218BE29E000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000014.00000002.3260005199.000002CB583BE000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000015.00000002.3363994649.000002070000E000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://tempuri.org/IUserRequestService/SendSyncroRequestService
Source: Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A61653000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 0000000D.00000002.2896983400.000002133DD81000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000012.00000002.3121137427.00000218BE29E000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000014.00000002.3260005199.000002CB583BE000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000015.00000002.3363994649.000002070000E000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://tempuri.org/IUserRequestService/SendSyncroRequestServiceResponse
Source: Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A61653000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 0000000D.00000002.2896983400.000002133DD81000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000012.00000002.3121137427.00000218BE29E000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000014.00000002.3260005199.000002CB583BE000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000015.00000002.3363994649.000002070000E000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://tempuri.org/IUserRequestService/SetLastAppCrashAnalysis
Source: Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A61653000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 0000000D.00000002.2896983400.000002133DD81000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000012.00000002.3121137427.00000218BE29E000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000014.00000002.3260005199.000002CB583BE000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000015.00000002.3363994649.000002070000E000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://tempuri.org/IUserRequestService/SetLastAppCrashAnalysisResponse
Source: Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A61653000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 0000000D.00000002.2896983400.000002133DD81000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000012.00000002.3121137427.00000218BE29E000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000014.00000002.3260005199.000002CB583BE000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000015.00000002.3363994649.000002070000E000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://tempuri.org/IUserRequestService/UpdateCustomerContacts
Source: Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A61653000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 0000000D.00000002.2896983400.000002133DD81000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000012.00000002.3121137427.00000218BE29E000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000015.00000002.3363994649.000002070000E000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://tempuri.org/IUserRequestService/UpdateCustomerContactsResponse
Source: Syncro.App.Runner.exe, 00000014.00000002.3260005199.000002CB583BE000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://tempuri.org/IUserRequestService/UpdateCustomerContactsResponse0s
Source: Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A617F6000.00000004.00000800.00020000.00000000.sdmp, Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A61B6D000.00000004.00000800.00020000.00000000.sdmp, Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A61A7B000.00000004.00000800.00020000.00000000.sdmp, Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A61653000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 0000000D.00000002.2896983400.000002133DD81000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000012.00000002.3121137427.00000218BE29E000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000014.00000002.3260005199.000002CB583BE000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000015.00000002.3363994649.000002070000E000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://tempuri.org/IUserRequestService/get_Device
Source: Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A61653000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 0000000D.00000002.2896983400.000002133DD81000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 0000000D.00000002.2896983400.000002133DE58000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000012.00000002.3121137427.00000218BE29E000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000012.00000002.3121137427.00000218BE379000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000014.00000002.3260005199.000002CB58499000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000014.00000002.3260005199.000002CB583BE000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000015.00000002.3363994649.00000207000E9000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000015.00000002.3363994649.000002070000E000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://tempuri.org/IUserRequestService/get_DeviceResponse
Source: Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A61653000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 0000000D.00000002.2896983400.000002133DD81000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000012.00000002.3121137427.00000218BE29E000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000014.00000002.3260005199.000002CB583BE000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000015.00000002.3363994649.000002070000E000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://tempuri.org/IUserRequestService/get_ManagedAntiVirusSettings
Source: Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A61653000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 0000000D.00000002.2896983400.000002133DD81000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000012.00000002.3121137427.00000218BE29E000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000014.00000002.3260005199.000002CB583BE000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000015.00000002.3363994649.000002070000E000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://tempuri.org/IUserRequestService/get_ManagedAntiVirusSettingsResponse
Source: Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A61653000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 0000000D.00000002.2896983400.000002133DD81000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000012.00000002.3121137427.00000218BE29E000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000014.00000002.3260005199.000002CB583BE000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000015.00000002.3363994649.000002070000E000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://tempuri.org/IUserRequestService/get_PatchManagementSettings
Source: Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A61653000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 0000000D.00000002.2896983400.000002133DD81000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000012.00000002.3121137427.00000218BE29E000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000014.00000002.3260005199.000002CB583BE000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000015.00000002.3363994649.000002070000E000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://tempuri.org/IUserRequestService/get_PatchManagementSettingsResponse
Source: Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A61653000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 0000000D.00000002.2896983400.000002133DD81000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000012.00000002.3121137427.00000218BE29E000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000014.00000002.3260005199.000002CB583BE000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000015.00000002.3363994649.000002070000E000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://tempuri.org/IUserRequestService/get_RemoteApplications
Source: Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A61653000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 0000000D.00000002.2896983400.000002133DD81000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000012.00000002.3121137427.00000218BE29E000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000014.00000002.3260005199.000002CB583BE000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000015.00000002.3363994649.000002070000E000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://tempuri.org/IUserRequestService/get_RemoteApplicationsResponse
Source: Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A61653000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000012.00000002.3121137427.00000218BE29E000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000015.00000002.3363994649.000002070000E000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://tempuri.org/IUserRequestService/get_Settings
Source: Syncro.App.Runner.exe, 0000000D.00000002.2896983400.000002133DD81000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://tempuri.org/IUserRequestService/get_Settings0h
Source: Syncro.App.Runner.exe, 00000014.00000002.3260005199.000002CB583BE000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://tempuri.org/IUserRequestService/get_SettingsP
Source: Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A61653000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 0000000D.00000002.2896983400.000002133DD81000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000012.00000002.3121137427.00000218BE29E000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000014.00000002.3260005199.000002CB583BE000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000015.00000002.3363994649.000002070000E000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://tempuri.org/IUserRequestService/get_SettingsResponse
Source: Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A61B7C000.00000004.00000800.00020000.00000000.sdmp, Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A61653000.00000004.00000800.00020000.00000000.sdmp, Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A61ACF000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 0000000D.00000002.2896983400.000002133E0DD000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 0000000D.00000002.2896983400.000002133DD81000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000012.00000002.3121137427.00000218BE29E000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000014.00000002.3260005199.000002CB5874B000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000014.00000002.3260005199.000002CB583BE000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000015.00000002.3363994649.000002070000E000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://tempuri.org/IUserRequestService/get_Shop
Source: Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A61B7C000.00000004.00000800.00020000.00000000.sdmp, Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A61653000.00000004.00000800.00020000.00000000.sdmp, Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A61ACF000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 0000000D.00000002.2896983400.000002133E0DD000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 0000000D.00000002.2896983400.000002133DD81000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 0000000D.00000002.2896983400.000002133DE58000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000012.00000002.3121137427.00000218BE29E000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000012.00000002.3121137427.00000218BE379000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000014.00000002.3260005199.000002CB58499000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000014.00000002.3260005199.000002CB5874B000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000014.00000002.3260005199.000002CB583BE000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000015.00000002.3363994649.00000207000E9000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000015.00000002.3363994649.000002070000E000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://tempuri.org/IUserRequestService/get_ShopResponse
Source: Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A61653000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 0000000D.00000002.2896983400.000002133DD81000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000012.00000002.3121137427.00000218BE29E000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000014.00000002.3260005199.000002CB583BE000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000015.00000002.3363994649.000002070000E000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://tempuri.org/IUserRequestService/get_WindowsPatchManagementSettings
Source: Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A61653000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 0000000D.00000002.2896983400.000002133DD81000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000012.00000002.3121137427.00000218BE29E000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000014.00000002.3260005199.000002CB583BE000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000015.00000002.3363994649.000002070000E000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://tempuri.org/IUserRequestService/get_WindowsPatchManagementSettingsResponse
Source: Syncro.App.Runner.exe, 0000000D.00000002.2896983400.000002133DF9F000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 0000000D.00000002.2896983400.000002133DF97000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000012.00000002.3121137427.00000218BE4E9000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000012.00000002.3121137427.00000218BE4E0000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000012.00000002.3121137427.00000218BE4E7000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000014.00000002.3260005199.000002CB58609000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000014.00000002.3260005199.000002CB58602000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000015.00000002.3363994649.0000020700251000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000015.00000002.3363994649.0000020700258000.00000004.00000800.00020000.00000000.sdmp, SyncroLive.Service.Runner.exe, 0000001C.00000002.3604207409.0000023854862000.00000004.00000800.00020000.00000000.sdmp, SyncroLive.Service.Runner.exe, 0000001C.00000002.3604207409.0000023854848000.00000004.00000800.00020000.00000000.sdmp, SyncroLive.Agent.Runner.exe, 0000001D.00000002.3576854914.00000229001A0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://tempuri.org/V
Source: Syncro.App.Runner.exe, 0000000D.00000002.2896983400.000002133DE58000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000012.00000002.3121137427.00000218BE379000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000014.00000002.3260005199.000002CB58580000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000015.00000002.3363994649.00000207001C4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://tempuri.org/X
Source: Syncro.App.Runner.exe, 0000000D.00000002.2896983400.000002133DE58000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000012.00000002.3121137427.00000218BE379000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000014.00000002.3260005199.000002CB58580000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000015.00000002.3363994649.00000207001C4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://tempuri.org/x
Source: OpenHardwareMonitorLib.dll0.17.dr String found in binary or memory: http://www.abit.com.tw/
Source: Syncro.Installer.exe, 00000002.00000002.2316441248.0000021C100F2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: Syncro.Installer.exe, 00000002.00000002.2316441248.0000021C100F2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0Digitized
Source: Syncro.Installer.exe, 00000002.00000002.2316441248.0000021C100F2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.ascendercorp.com/http://www.ascendercorp.com/typedesigners.htmlLicensed
Source: Syncro.Overmind.Service.exe, 00000011.00000002.3594084272.0000023C0F567000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.asp.net/
Source: Syncro.Installer.exe, 00000002.00000002.2309646185.0000021C0010A000.00000004.00000800.00020000.00000000.sdmp, Syncro.Installer.exe, 00000002.00000002.2316441248.0000021C10001000.00000004.00000800.00020000.00000000.sdmp, Syncro.Installer.exe, 00000002.00000002.2323006385.0000021C755C0000.00000004.08000000.00040000.00000000.sdmp, Syncro.Overmind.Service.exe, 0000000E.00000002.2467329958.0000017216854000.00000004.00000800.00020000.00000000.sdmp, Syncro.Overmind.Service.exe, 0000000E.00000002.2467329958.00000172165C9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.digicert.com/CPS0
Source: Microsoft.Data.OData.resources.dll4.2.dr String found in binary or memory: http://www.iana.org/assignments/relation/edit
Source: InstallUtil.exe, 00000006.00000002.2258001463.000002070B332000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.w3.o
Source: InstallUtil.exe, 00000006.00000002.2258001463.000002070B332000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.w3.oh
Source: Syncro.App.Runner.exe, 0000000D.00000002.2911244289.00000213565C2000.00000002.00000001.01000000.00000017.sdmp String found in binary or memory: https://$2$3.$4$5
Source: Syncro.Installer.exe, 00000002.00000002.2309646185.0000021C0048A000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://admin.syncP
Source: Syncro.Installer.exe, 00000002.00000002.2309646185.0000021C0048A000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://admin.syncroap
Source: Syncro.App.Runner.exe, 00000014.00000002.3260005199.000002CB5874B000.00000004.00000800.00020000.00000000.sdmp, INVOICE31401001340.exe String found in binary or memory: https://admin.syncroapi.com
Source: Syncro.Installer.exe, 00000002.00000002.2309646185.0000021C0048A000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://admin.syncroapi.com(Q
Source: Syncro.Installer.exe, 00000002.00000002.2309646185.0000021C0010A000.00000004.00000800.00020000.00000000.sdmp, Syncro.Installer.exe, 00000002.00000002.2309646185.0000021C0048A000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://admin.syncroapi.com/
Source: Syncro.Installer.exe, 00000002.00000002.2309646185.0000021C00447000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://admin.syncroapi.com/(L
Source: Syncro.Installer.exe, 00000002.00000002.2309646185.0000021C0048A000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://admin.syncroapi.com/(Q
Source: Syncro.Installer.exe, 00000002.00000002.2309646185.0000021C0048A000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://admin.syncroapi.com/api/syncro_device/installers/policy_id.json?customer_id=1375393&folder_i
Source: Syncro.Installer.exe, 00000002.00000002.2309646185.0000021C00447000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://admin.syncroapi.com/x
Source: Syncro.App.Runner.exe, 0000000D.00000002.2896983400.000002133E0DD000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://admin.syncroapi.comP
Source: INVOICE31401001340.exe, 00000000.00000002.2353079397.0000000013189000.00000004.00000800.00020000.00000000.sdmp, INVOICE31401001340.exe, 00000000.00000000.2120038499.0000000000672000.00000002.00000001.01000000.00000003.sdmp, Syncro.Installer.exe, 00000002.00000000.2130594520.0000021C72832000.00000002.00000001.01000000.00000006.sdmp, Syncro.Service.Runner.exe, 00000009.00000002.3484993397.0000022A7A302000.00000002.00000001.01000000.0000003A.sdmp, SyncroLive.Service.Runner.exe, 0000001C.00000002.3594248962.0000023854622000.00000002.00000001.01000000.0000004B.sdmp String found in binary or memory: https://api.github.com/#
Source: Syncro.Overmind.Service.exe, 0000000E.00000002.2464315427.0000017206571000.00000004.00000800.00020000.00000000.sdmp, Syncro.Overmind.Service.exe, 00000011.00000002.3594084272.0000023C0F231000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://api.rollbar.com
Source: Syncro.Overmind.Service.exe, 0000000E.00000002.2467329958.00000172165C9000.00000004.00000800.00020000.00000000.sdmp, Syncro.Overmind.Service.exe, 00000011.00000002.3594084272.0000023C0F231000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://api.rollbar.com/api/1/
Source: Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A61461000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 0000000D.00000002.2896983400.000002133E0DD000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 0000000D.00000002.2915268034.0000021356872000.00000002.00000001.01000000.0000001D.sdmp, Syncro.App.Runner.exe, 0000000D.00000002.2896983400.000002133DE58000.00000004.00000800.00020000.00000000.sdmp, Syncro.Overmind.Service.exe, 0000000E.00000002.2464315427.0000017206571000.00000004.00000800.00020000.00000000.sdmp, Syncro.Overmind.Service.exe, 00000011.00000002.3594084272.0000023C0F231000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000012.00000002.3121137427.00000218BE723000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000012.00000002.3121137427.00000218BE379000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000014.00000002.3260005199.000002CB58499000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000014.00000002.3260005199.000002CB5874B000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000015.00000002.3363994649.00000207000E9000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000015.00000002.3363994649.0000020700422000.00000004.00000800.00020000.00000000.sdmp, SyncroLive.Service.Runner.exe, 0000001C.00000002.3604207409.0000023854781000.00000004.00000800.00020000.00000000.sdmp, SyncroLive.Agent.Runner.exe, 0000001D.00000002.3576854914.0000022900001000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://api.rollbar.com/api/1/item/
Source: Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A61ECB000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://dl.emsisoft.com/EmsisoftAntiMalwareSetup.exe
Source: Syncro.Installer.exe, 00000002.00000002.2309646185.0000021C005F5000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://dl.emsisoft.com/EmsisoftAntiMalwareSetup.exe(
Source: Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A61ECB000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://dl.emsisoft.com/EmsisoftAntiMalwareSetup32.msi
Source: Syncro.Installer.exe, 00000002.00000002.2309646185.0000021C005F5000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://dl.emsisoft.com/EmsisoftAntiMalwareSetup32.msi(
Source: Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A61ECB000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://dl.emsisoft.com/EmsisoftAntiMalwareSetup64.msi
Source: Syncro.Installer.exe, 00000002.00000002.2309646185.0000021C005F5000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://dl.emsisoft.com/EmsisoftAntiMalwareSetup64.msi(
Source: Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A61ACF000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://dl.emsisoft.com/EmsisoftAntiMalwareSetup64.msiC
Source: Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A61B7C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://dl.emsisoft.com/EmsisoftAntiMalwareSetup64.msia
Source: Syncro.Installer.exe, 00000002.00000002.2324699686.0000021C75AE0000.00000004.08000000.00040000.00000000.sdmp, Syncro.Service.Runner.exe, 00000009.00000002.3474168240.0000022A79D42000.00000002.00000001.01000000.00000033.sdmp String found in binary or memory: https://fingfilesstorage.blob.core.windows.net/fingfiles/FingKitHost.zip
Source: Syncro.Installer.exe, 00000002.00000002.2324699686.0000021C75AE0000.00000004.08000000.00040000.00000000.sdmp, Syncro.Service.Runner.exe, 00000009.00000002.3474168240.0000022A79D42000.00000002.00000001.01000000.00000033.sdmp String found in binary or memory: https://fingfilesstorage.blob.core.windows.net/fingfiles/FingKitHost.zipKWinPCap
Source: Syncro.Installer.exe, 00000002.00000002.2324699686.0000021C75AE0000.00000004.08000000.00040000.00000000.sdmp, Syncro.Service.Runner.exe, 00000009.00000002.3474168240.0000022A79D42000.00000002.00000001.01000000.00000033.sdmp String found in binary or memory: https://fingfilesstorage.blob.core.windows.net/winpcap/winpcap-fing-4.1.3.exe
Source: svchost.exe, 00000003.00000003.2157620147.0000015ABEB9E000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://g.live.com/odclientsettings/Prod1C:
Source: svchost.exe, 00000003.00000003.2157620147.0000015ABEB40000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://g.live.com/odclientsettings/ProdV21C:
Source: Syncro.Installer.exe, 00000002.00000002.2309646185.0000021C0010A000.00000004.00000800.00020000.00000000.sdmp, Syncro.Installer.exe, 00000002.00000002.2316441248.0000021C10001000.00000004.00000800.00020000.00000000.sdmp, Syncro.Installer.exe, 00000002.00000002.2323006385.0000021C755C0000.00000004.08000000.00040000.00000000.sdmp, Syncro.App.Runner.exe, 0000000D.00000002.2915904761.0000021356952000.00000002.00000001.01000000.00000020.sdmp, Syncro.Overmind.Service.exe, 0000000E.00000002.2467329958.0000017216854000.00000004.00000800.00020000.00000000.sdmp, Syncro.Overmind.Service.exe, 0000000E.00000002.2467329958.00000172165C9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://github.com/JamesNK/Newtonsoft.Json
Source: INVOICE31401001340.exe, 00000000.00000002.2353079397.0000000013189000.00000004.00000800.00020000.00000000.sdmp, INVOICE31401001340.exe, 00000000.00000000.2120038499.0000000000672000.00000002.00000001.01000000.00000003.sdmp, Syncro.Installer.exe, 00000002.00000000.2130594520.0000021C72832000.00000002.00000001.01000000.00000006.sdmp String found in binary or memory: https://github.com/XamlAnimatedGif/XamlAnimatedGif
Source: deniszykov.WebSocketListener.dll.17.dr String found in binary or memory: https://github.com/deniszykov/WebSocketListener
Source: deniszykov.WebSocketListener.dll.17.dr String found in binary or memory: https://github.com/deniszykov/WebSocketListener6
Source: Syncro.Service.Runner.exe, 00000009.00000002.3371599333.0000022A61302000.00000002.00000001.01000000.0000002E.sdmp String found in binary or memory: https://github.com/dotnet/corefx/tree/7601f4f6225089ffb291dc7d58293c7bbf5c5d4f
Source: Syncro.Service.Runner.exe, 00000009.00000002.3371599333.0000022A61302000.00000002.00000001.01000000.0000002E.sdmp String found in binary or memory: https://github.com/dotnet/corefx/tree/7601f4f6225089ffb291dc7d58293c7bbf5c5d4f8
Source: INVOICE31401001340.exe, 00000000.00000002.2353079397.0000000013189000.00000004.00000800.00020000.00000000.sdmp, INVOICE31401001340.exe, 00000000.00000000.2120038499.0000000000672000.00000002.00000001.01000000.00000003.sdmp, Syncro.Installer.exe, 00000002.00000000.2130594520.0000021C72832000.00000002.00000001.01000000.00000006.sdmp, Syncro.Service.Runner.exe, 00000009.00000002.3484993397.0000022A7A302000.00000002.00000001.01000000.0000003A.sdmp, SyncroLive.Service.Runner.exe, 0000001C.00000002.3594248962.0000023854622000.00000002.00000001.01000000.0000004B.sdmp String found in binary or memory: https://github.com/myuser/myrepo
Source: Syncro.Overmind.Service.exe, 0000000E.00000002.2473696770.000001721ECB0000.00000004.08000000.00040000.00000000.sdmp String found in binary or memory: https://github.com/olsh/serilog-sinks-rollbar
Source: Syncro.App.Runner.exe, 0000000D.00000002.2911244289.00000213565C2000.00000002.00000001.01000000.00000017.sdmp String found in binary or memory: https://github.com/repairtech/privacy-policy
Source: Syncro.Overmind.Service.exe, 0000000E.00000002.2472945190.000001721EC70000.00000004.08000000.00040000.00000000.sdmp, Syncro.Overmind.Service.exe, 0000000E.00000002.2467329958.0000017216593000.00000004.00000800.00020000.00000000.sdmp, Syncro.Overmind.Service.exe, 0000000E.00000002.2467329958.00000172165C9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://github.com/rollbar/Rollbar.NET.git
Source: Syncro.Overmind.Service.exe, 0000000E.00000002.2472791182.000001721EC60000.00000004.08000000.00040000.00000000.sdmp String found in binary or memory: https://github.com/serilog/serilog-sinks-file
Source: Syncro.Overmind.Service.exe, 0000000E.00000002.2472791182.000001721EC60000.00000004.08000000.00040000.00000000.sdmp String found in binary or memory: https://github.com/serilog/serilog-sinks-fileC
Source: Syncro.Overmind.Service.exe, 0000000E.00000002.2463966937.0000017206510000.00000004.08000000.00040000.00000000.sdmp String found in binary or memory: https://github.com/serilog/serilog.git
Source: SyncroLive.Service.Runner.exe, 0000001C.00000002.3597764051.0000023854662000.00000002.00000001.01000000.0000004C.sdmp String found in binary or memory: https://github.com/serilog/serilog/pull/819.
Source: Syncro.Installer.exe, 00000002.00000002.2309646185.0000021C00447000.00000004.00000800.00020000.00000000.sdmp, Syncro.Installer.exe, 00000002.00000002.2322783144.0000021C75550000.00000004.08000000.00040000.00000000.sdmp, Syncro.Installer.exe, 00000002.00000002.2309646185.0000021C0048A000.00000004.00000800.00020000.00000000.sdmp, Syncro.Installer.exe, 00000002.00000002.2326708476.0000021C770F0000.00000004.08000000.00040000.00000000.sdmp, Syncro.Service.Runner.exe, 00000009.00000002.3494544518.0000022A7A682000.00000002.00000001.01000000.0000003D.sdmp, Syncro.App.Runner.exe, 0000000D.00000002.2914410699.0000021356792000.00000002.00000001.01000000.00000019.sdmp, Syncro.Overmind.Service.exe, 0000000E.00000002.2464154751.0000017206540000.00000004.08000000.00040000.00000000.sdmp String found in binary or memory: https://github.com/tmenier/Flurl.git
Source: Syncro.Installer.exe, 00000002.00000002.2309646185.0000021C00447000.00000004.00000800.00020000.00000000.sdmp, Syncro.Installer.exe, 00000002.00000002.2322783144.0000021C75550000.00000004.08000000.00040000.00000000.sdmp, Syncro.Installer.exe, 00000002.00000002.2309646185.0000021C0048A000.00000004.00000800.00020000.00000000.sdmp, Syncro.Installer.exe, 00000002.00000002.2326708476.0000021C770F0000.00000004.08000000.00040000.00000000.sdmp, Syncro.Service.Runner.exe, 00000009.00000002.3494544518.0000022A7A682000.00000002.00000001.01000000.0000003D.sdmp, Syncro.App.Runner.exe, 0000000D.00000002.2914410699.0000021356792000.00000002.00000001.01000000.00000019.sdmp, Syncro.Overmind.Service.exe, 0000000E.00000002.2464154751.0000017206540000.00000004.08000000.00040000.00000000.sdmp String found in binary or memory: https://github.com/tmenier/Flurl.git5
Source: Syncro.App.Runner.exe, 00000014.00000002.3260005199.000002CB5874B000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ld.aurelius.host
Source: Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A61F34000.00000004.00000800.00020000.00000000.sdmp, Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A61D75000.00000004.00000800.00020000.00000000.sdmp, Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A61E62000.00000004.00000800.00020000.00000000.sdmp, Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A61CF7000.00000004.00000800.00020000.00000000.sdmp, Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A61ECB000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ld.aurelius.host(Q
Source: Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A61F20000.00000004.00000800.00020000.00000000.sdmp, Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A61DB7000.00000004.00000800.00020000.00000000.sdmp, Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A61CF7000.00000004.00000800.00020000.00000000.sdmp, Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A61ECB000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ld.aurelius.host/(Q
Source: Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A61D75000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ld.aurelius.host/0l
Source: Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A61F20000.00000004.00000800.00020000.00000000.sdmp, Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A61DB7000.00000004.00000800.00020000.00000000.sdmp, Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A61D75000.00000004.00000800.00020000.00000000.sdmp, Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A61CF7000.00000004.00000800.00020000.00000000.sdmp, Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A61ECB000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ld.aurelius.host:443X
Source: Syncro.App.Runner.exe, 0000000D.00000002.2896983400.000002133E0DD000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ld.aurelius.hostP
Source: Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A61ACF000.00000004.00000800.00020000.00000000.sdmp, Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A61ECB000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://my.splashtop.com/csrs/mac
Source: Syncro.Installer.exe, 00000002.00000002.2309646185.0000021C005F5000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://my.splashtop.com/csrs/mac(
Source: Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A61ECB000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://my.splashtop.com/csrs/win
Source: Syncro.Installer.exe, 00000002.00000002.2309646185.0000021C005F5000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://my.splashtop.com/csrs/win(
Source: Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A61B7C000.00000004.00000800.00020000.00000000.sdmp, Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A617F6000.00000004.00000800.00020000.00000000.sdmp, Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A61ACF000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000012.00000002.3121137427.00000218BE36B000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000012.00000002.3121137427.00000218BE379000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000012.00000002.3121137427.00000218BE7E6000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000014.00000002.3260005199.000002CB58499000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000014.00000002.3260005199.000002CB5848B000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000014.00000002.3260005199.000002CB58907000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000015.00000002.3363994649.00000207000E9000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000015.00000002.3363994649.0000020700422000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000015.00000002.3363994649.00000207000DB000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://my.splashtop.com/csrs/winEs
Source: Syncro.App.Runner.exe, 00000012.00000002.3121137427.00000218BE7E6000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000014.00000002.3260005199.000002CB58907000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000015.00000002.3363994649.0000020700422000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://my.splashtop.com/csrs/winx
Source: Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A61E62000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://production.kab
Source: Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A621F3000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://production.kabu
Source: Syncro.Overmind.Service.exe, 00000011.00000002.3594084272.0000023C0F38A000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://production.kabutoservice
Source: Syncro.Overmind.Service.exe, 00000011.00000002.3594084272.0000023C0F4FB000.00000004.00000800.00020000.00000000.sdmp, Syncro.Overmind.Service.exe, 00000011.00000002.3594084272.0000023C0F567000.00000004.00000800.00020000.00000000.sdmp, Syncro.Overmind.Service.exe, 00000011.00000002.3594084272.0000023C0F231000.00000004.00000800.00020000.00000000.sdmp, Syncro.Overmind.Service.exe, 00000011.00000002.3594084272.0000023C0F7FD000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://production.kabutoservices.com
Source: Syncro.Overmind.Service.exe, 00000011.00000002.3594084272.0000023C0F4FB000.00000004.00000800.00020000.00000000.sdmp, Syncro.Overmind.Service.exe, 00000011.00000002.3594084272.0000023C0F567000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://production.kabutoservices.com(Q
Source: Syncro.Overmind.Service.exe, 00000011.00000002.3594084272.0000023C0F4FB000.00000004.00000800.00020000.00000000.sdmp, Syncro.Overmind.Service.exe, 00000011.00000002.3594084272.0000023C0F567000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://production.kabutoservices.com/(Q
Source: Syncro.App.Runner.exe, 00000014.00000002.3260005199.000002CB5874B000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://production.kabutoservices.com/choco/kabuto_patch_manager
Source: Syncro.App.Runner.exe, 0000000D.00000002.2896983400.000002133E0DD000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://production.kabutoservices.com/choco/kabuto_patch_managerP
Source: Syncro.Service.Runner.exe, 00000009.00000002.3482754410.0000022A79FD2000.00000002.00000001.01000000.00000036.sdmp String found in binary or memory: https://production.kabutoservices.com/choco/kabuto_patch_managerQwss://realtime.kabutoservices.com/s
Source: SyncroLive.Service.Runner.exe, 0000001C.00000002.3604207409.0000023854781000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://production.kabutoservices.com/kabuto/liveagent/updates/
Source: SyncroLive.Service.Runner.exe, 0000001C.00000002.3587090605.00000238544F2000.00000002.00000001.01000000.00000042.sdmp String found in binary or memory: https://production.kabutoservices.com/kabuto/liveagent/updates/=Windows
Source: Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A621F3000.00000004.00000800.00020000.00000000.sdmp, Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A62159000.00000004.00000800.00020000.00000000.sdmp, Syncro.Overmind.Service.exe, 00000011.00000002.3594084272.0000023C0F231000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://production.kabutoservices.com/servicing/
Source: Syncro.Overmind.Service.exe, 00000011.00000002.3594084272.0000023C0F318000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://production.kabutoservices.com/servicing/api/v1/inventory?sc=syncro-rtm&st=syncro
Source: Syncro.Overmind.Service.exe, 00000011.00000002.3594084272.0000023C0F4FB000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://production.kabutoservices.com/servicing/api/v1/inventory?sc=syncro-rtm&st=syncro&du=08bc108c
Source: Syncro.Overmind.Service.exe, 00000011.00000002.3594084272.0000023C0F318000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://production.kabutoservices.com/servicing/files
Source: Syncro.Overmind.Service.exe, 00000011.00000002.3594084272.0000023C0F567000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://production.kabutoservices.com/servicing/files/1/1/bc0ef6e22dc9248d10ef88283e50059cb741d611
Source: Syncro.Overmind.Service.exe, 00000011.00000002.3594084272.0000023C0F567000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://production.kabutoservices.com/servicing/files/c/2/daf9d05bc8a143caaf28a6f3fcd8b2b3ef4e8d2c
Source: Syncro.Overmind.Service.exe, 00000011.00000002.3594084272.0000023C0F567000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://production.kabutoservices.com/servicing/files/c/b/d1c2d20629337d9b3497876f2cf88255468a83bc
Source: SyncroLive.Service.Runner.exe, 0000001C.00000002.3604207409.0000023854781000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://production.kabutoservices.com/syncro/agent/updates/
Source: Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A61ACF000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://production.kabutoservices.com/syncro/main/upd
Source: Syncro.App.Runner.exe, 00000014.00000002.3260005199.000002CB5874B000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000015.00000002.3363994649.00000207000E9000.00000004.00000800.00020000.00000000.sdmp, INVOICE31401001340.exe String found in binary or memory: https://production.kabutoservices.com/syncro/main/updates/
Source: Syncro.App.Runner.exe, 0000000D.00000002.2896983400.000002133E0DD000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://production.kabutoservices.com/syncro/main/updates/P
Source: Syncro.Installer.exe, 00000002.00000002.2309646185.0000021C000B2000.00000004.00000800.00020000.00000000.sdmp, Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A621F3000.00000004.00000800.00020000.00000000.sdmp, Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A62206000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://production.kabutoservices.com/syncro/main/updates/RELEASES
Source: Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A61ACF000.00000004.00000800.00020000.00000000.sdmp, Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A61ECB000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://production.kabutoservices.com/syncro/main/updates/RELEASES?id=Syncro&localVersion=1.0.181.14
Source: Syncro.Installer.exe, 00000002.00000002.2309646185.0000021C000B2000.00000004.00000800.00020000.00000000.sdmp, Syncro.Installer.exe, 00000002.00000002.2309646185.0000021C00001000.00000004.00000800.00020000.00000000.sdmp, Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A621F3000.00000004.00000800.00020000.00000000.sdmp, Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A62206000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://production.kabutoservices.com/syncro/main/updates/Syncro-1.0.181.14910-full.nupkg
Source: Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A61BEB000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://production.kabutoservices.com/syncro/main/updates/pR
Source: Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A61461000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://production.kabutoservices.com/syncro/main/updates/r
Source: Syncro.Overmind.Service.exe, 00000011.00000002.3594084272.0000023C0F231000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://production.kabutoservices.com/syncro/main/updates/servicing.defaults.json
Source: Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A62111000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://production.kabutoservices.com/syncro/overmin
Source: Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A62111000.00000004.00000800.00020000.00000000.sdmp, Syncro.Overmind.Service.exe, 00000011.00000002.3594084272.0000023C0F7FD000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://production.kabutoservices.com/syncro/overmind/update
Source: Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A62111000.00000004.00000800.00020000.00000000.sdmp, Syncro.Overmind.Service.exe, 00000011.00000002.3594084272.0000023C0F6FB000.00000004.00000800.00020000.00000000.sdmp, Syncro.Overmind.Service.exe, 00000011.00000002.3594084272.0000023C0F7FD000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://production.kabutoservices.com/syncro/overmind/updates
Source: Syncro.App.Runner.exe, 00000014.00000002.3260005199.000002CB5874B000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://production.kabutoservices.com/syncro/overmind/updates/
Source: Syncro.App.Runner.exe, 0000000D.00000002.2896983400.000002133E0DD000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://production.kabutoservices.com/syncro/overmind/updates/P
Source: Syncro.Overmind.Service.exe, 00000011.00000002.3594084272.0000023C0F6FB000.00000004.00000800.00020000.00000000.sdmp, Syncro.Overmind.Service.exe, 00000011.00000002.3594084272.0000023C0F38A000.00000004.00000800.00020000.00000000.sdmp, Syncro.Overmind.Service.exe, 00000011.00000002.3594084272.0000023C0F231000.00000004.00000800.00020000.00000000.sdmp, Syncro.Overmind.Service.exe, 00000011.00000002.3594084272.0000023C0F7FD000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://production.kabutoservices.com/syncro/overmind/updates/RELEASES
Source: Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A61BEB000.00000004.00000800.00020000.00000000.sdmp, Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A62111000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://production.kabutoservices.com/syncro/overmind/updates/releases
Source: Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A61A7B000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://production.kabutoservices.com0l
Source: Syncro.Overmind.Service.exe, 00000011.00000002.3594084272.0000023C0F38A000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://production.kabutoservices.com4
Source: Syncro.Overmind.Service.exe, 00000011.00000002.3594084272.0000023C0F4FB000.00000004.00000800.00020000.00000000.sdmp, Syncro.Overmind.Service.exe, 00000011.00000002.3594084272.0000023C0F567000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://production.kabutoservices.com:443X
Source: Syncro.Overmind.Service.exe, 00000011.00000002.3594084272.0000023C0F6FB000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://production.kabutoservices.comHGE
Source: Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A62111000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://production.kabutoservih
Source: Syncro.Overmind.Service.exe, 00000011.00000002.3594084272.0000023C0F7FD000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://production.kabutoservihH
Source: INVOICE31401001340.exe, 00000000.00000002.2353079397.0000000013189000.00000004.00000800.00020000.00000000.sdmp, INVOICE31401001340.exe, 00000000.00000000.2120038499.0000000000672000.00000002.00000001.01000000.00000003.sdmp, Syncro.Installer.exe, 00000002.00000000.2130594520.0000021C72832000.00000002.00000001.01000000.00000006.sdmp String found in binary or memory: https://repairtech.zendesk.com/hc/en-us/articles/204893109-Monitoring-in-Kabuto3Configure
Source: INVOICE31401001340.exe, 00000000.00000002.2353079397.0000000013189000.00000004.00000800.00020000.00000000.sdmp, INVOICE31401001340.exe, 00000000.00000000.2120038499.0000000000672000.00000002.00000001.01000000.00000003.sdmp, Syncro.Installer.exe, 00000002.00000000.2130594520.0000021C72832000.00000002.00000001.01000000.00000006.sdmp String found in binary or memory: https://repairtech.zendesk.com/hc/en-us/articles/205571025-Device-Settings-in-Kabuto
Source: Syncro.Installer.exe, 00000002.00000002.2309646185.0000021C004BD000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://rmm.syncroP
Source: Syncro.Installer.exe, 00000002.00000002.2309646185.0000021C0048A000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://rmm.syncromsp.
Source: INVOICE31401001340.exe String found in binary or memory: https://rmm.syncromsp.com
Source: Syncro.Installer.exe, 00000002.00000002.2309646185.0000021C0017D000.00000004.00000800.00020000.00000000.sdmp, Syncro.Installer.exe, 00000002.00000002.2309646185.0000021C00583000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://rmm.syncromsp.com(
Source: Syncro.Installer.exe, 00000002.00000002.2309646185.0000021C004BD000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://rmm.syncromsp.com(Q
Source: Syncro.Installer.exe, 00000002.00000002.2309646185.0000021C004BD000.00000004.00000800.00020000.00000000.sdmp, Syncro.Installer.exe, 00000002.00000002.2309646185.0000021C0048A000.00000004.00000800.00020000.00000000.sdmp, Syncro.Installer.exe, 00000002.00000002.2309646185.0000021C00001000.00000004.00000800.00020000.00000000.sdmp, Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A61B6D000.00000004.00000800.00020000.00000000.sdmp, Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A61A7B000.00000004.00000800.00020000.00000000.sdmp, Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A61461000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://rmm.syncromsp.com/
Source: Syncro.Installer.exe, 00000002.00000002.2309646185.0000021C0048A000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://rmm.syncromsp.com/(Q
Source: Syncro.Installer.exe, 00000002.00000002.2309646185.0000021C00583000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://rmm.syncromsp.com//device_api/de
Source: Syncro.Installer.exe, 00000002.00000002.2309646185.0000021C0017D000.00000004.00000800.00020000.00000000.sdmp, Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A61D49000.00000004.00000800.00020000.00000000.sdmp, Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A61D6F000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://rmm.syncromsp.com//device_api/device
Source: Syncro.Installer.exe, 00000002.00000002.2309646185.0000021C00583000.00000004.00000800.00020000.00000000.sdmp, Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A61D49000.00000004.00000800.00020000.00000000.sdmp, Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A61D6F000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://rmm.syncromsp.com//device_api/device/addon
Source: Syncro.Installer.exe, 00000002.00000002.2309646185.0000021C0017D000.00000004.00000800.00020000.00000000.sdmp, Syncro.Installer.exe, 00000002.00000002.2309646185.0000021C00583000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://rmm.syncromsp.com//device_api/device/addonx
Source: Syncro.Installer.exe, 00000002.00000002.2309646185.0000021C0017D000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://rmm.syncromsp.com//device_api/devicex
Source: Syncro.Installer.exe, 00000002.00000002.2309646185.0000021C005C6000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://rmm.syncromsp.com//device_api/sync_device
Source: Syncro.Installer.exe, 00000002.00000002.2309646185.0000021C005C6000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://rmm.syncromsp.com//device_api/sync_device?device_uuid=08bc108c-6328-49e2-9e11-d1
Source: Syncro.Installer.exe, 00000002.00000002.2309646185.0000021C0017D000.00000004.00000800.00020000.00000000.sdmp, Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A61D49000.00000004.00000800.00020000.00000000.sdmp, Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A61D6F000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://rmm.syncromsp.com//device_api/sync_device?device_uuid=08bc108c-6328-49e2-9e11-d1871af9471c
Source: Syncro.Installer.exe, 00000002.00000002.2309646185.0000021C005C6000.00000004.00000800.00020000.00000000.sdmp, Syncro.Installer.exe, 00000002.00000002.2309646185.0000021C0017D000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://rmm.syncromsp.com//device_api/sync_device?device_uuid=08bc108c-6328-49e2-9e11-d1871af9471cx
Source: Syncro.Installer.exe, 00000002.00000002.2309646185.0000021C004BD000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://rmm.syncromsp.com/device_aX
Source: Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A61BEB000.00000004.00000800.00020000.00000000.sdmp, Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A617F6000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://rmm.syncromsp.com/device_api/alert
Source: Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A618DB000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://rmm.syncromsp.com/device_api/alert0l
Source: Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A61A7B000.00000004.00000800.00020000.00000000.sdmp, Syncro.Service.Runner.exe, 00000009.00000002.3504634830.0000022A7AE39000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://rmm.syncromsp.com/device_api/check_active?device_uuid=08bc108c-6328-49e2-9e11-d1871af9471c
Source: Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A62220000.00000004.00000800.00020000.00000000.sdmp, Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A61ECB000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://rmm.syncromsp.com/device_api/device
Source: Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A61A7B000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://rmm.syncromsp.com/device_api/device/action_queue
Source: Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A616A7000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://rmm.syncromsp.com/device_api/metric
Source: Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A61C76000.00000004.00000800.00020000.00000000.sdmp, Syncro.Service.Runner.exe, 00000009.00000002.3451407992.0000022A718CE000.00000004.00000800.00020000.00000000.sdmp, Syncro.Service.Runner.exe, 00000009.00000002.3451407992.0000022A714E8000.00000004.00000800.00020000.00000000.sdmp, Syncro.Service.Runner.exe, 00000009.00000002.3451407992.0000022A71797000.00000004.00000800.00020000.00000000.sdmp, Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A62220000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://rmm.syncromsp.com/device_api/single_field
Source: Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A61B6D000.00000004.00000800.00020000.00000000.sdmp, Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A61A7B000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://rmm.syncromsp.com/device_api/sync_device?device_uuid=08bc108c-6328-49e2-9e11-d1871af9471c&ap
Source: Syncro.Service.Runner.exe, 00000009.00000002.3482754410.0000022A79FD2000.00000002.00000001.01000000.00000036.sdmp String found in binary or memory: https://rmm.syncromsp.com7https://admin.syncroapi.comuhttps://production.kabutoservices.com/syncro/m
Source: Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A61B6D000.00000004.00000800.00020000.00000000.sdmp, Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A61A7B000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://rmm.syncromsp.com:443/
Source: Syncro.App.Runner.exe, 0000000D.00000002.2896983400.000002133E0DD000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000012.00000002.3121137427.00000218BE379000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000014.00000002.3260005199.000002CB58499000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000015.00000002.3363994649.00000207000E9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://rmm.syncromsp.comP
Source: Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A61461000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://rmm.syncromsp.comXk
Source: INVOICE31401001340.exe, Syncro.App.Runner.exe0.2.dr, deniszykov.WebSocketListener.dll.17.dr String found in binary or memory: https://sectigo.com/CPS0
Source: Syncro.Installer.exe, 00000002.00000002.2324699686.0000021C75AE0000.00000004.08000000.00040000.00000000.sdmp, Syncro.Service.Runner.exe, 00000009.00000002.3474168240.0000022A79D42000.00000002.00000001.01000000.00000033.sdmp, Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A616A7000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://servably.com/
Source: Syncro.Installer.exe, 00000002.00000002.2309646185.0000021C00237000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://storage.googleapis.com
Source: Syncro.App.Runner.exe, 0000000D.00000002.2896983400.000002133E0DD000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000014.00000002.3260005199.000002CB5874B000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://storage.googleapis.com/kabuto-assets/syncro_fa
Source: Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A61ECB000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 0000000D.00000002.2896983400.000002133E0DD000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 0000000D.00000002.2896983400.000002133E09B000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 0000000D.00000002.2896983400.000002133DE58000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000012.00000002.3121137427.00000218BE5CB000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000012.00000002.3121137427.00000218BE379000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000012.00000002.3121137427.00000218BE7E6000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000014.00000002.3260005199.000002CB58499000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000014.00000002.3260005199.000002CB58907000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000014.00000002.3260005199.000002CB586FD000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000015.00000002.3363994649.00000207000E9000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000015.00000002.3363994649.000002070034B000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000015.00000002.3363994649.0000020700422000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://storage.googleapis.com/kabuto-assets/syncro_favicon.ico
Source: Syncro.Installer.exe, 00000002.00000002.2309646185.0000021C005F5000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://storage.googleapis.com/kabuto-assets/syncro_favicon.ico(
Source: Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A61B7C000.00000004.00000800.00020000.00000000.sdmp, Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A61ACF000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 0000000D.00000002.2896983400.000002133E0DD000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 0000000D.00000002.2896983400.000002133DFA3000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 0000000D.00000002.2896983400.000002133DF97000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000012.00000002.3121137427.00000218BE4E0000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000012.00000002.3121137427.00000218BE5CB000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000012.00000002.3121137427.00000218BE7E6000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000014.00000002.3260005199.000002CB58609000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000014.00000002.3260005199.000002CB58602000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000014.00000002.3260005199.000002CB5874B000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000014.00000002.3260005199.000002CB58907000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000014.00000002.3260005199.000002CB586FD000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000015.00000002.3363994649.0000020700251000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000015.00000002.3363994649.000002070034B000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000015.00000002.3363994649.0000020700422000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://storage.googleapis.com/kabuto-assets/syncro_favicon.icoE
Source: Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A61B7C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://storage.googleapis.com0l
Source: Syncro.Service.Runner.exe, 00000009.00000002.3482920323.0000022A79FF2000.00000002.00000001.01000000.00000037.sdmp String found in binary or memory: https://taskscheduler.codeplex.com/
Source: Syncro.Service.Runner.exe, 00000009.00000002.3483800338.0000022A7A02C000.00000002.00000001.01000000.00000037.sdmp String found in binary or memory: https://taskscheduler.codeplex.com/F
Source: Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A61BEB000.00000004.00000800.00020000.00000000.sdmp, Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A61ACF000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://wlndows.syncroapi.com
Source: Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A62220000.00000004.00000800.00020000.00000000.sdmp, Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A61ACF000.00000004.00000800.00020000.00000000.sdmp, Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A61ECB000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://wlndows.syncroapi.com/api/syncro_device/custom_fields/set_powershell_version
Source: Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A62220000.00000004.00000800.00020000.00000000.sdmp, Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A61ECB000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://wlndows.syncroapi.com/api/syncro_device/snmp_devices
Source: Syncro.Installer.exe, 00000002.00000002.2324699686.0000021C75AE0000.00000004.08000000.00040000.00000000.sdmp, Syncro.Service.Runner.exe, 00000009.00000002.3474168240.0000022A79D42000.00000002.00000001.01000000.00000033.sdmp String found in binary or memory: https://www.filestackapi.com/api/store/S3?key=Ar2icTxzSrmBz10IcjpC1z1application/octet-stream
Source: Syncro.Installer.exe, 00000002.00000002.2309646185.0000021C0010A000.00000004.00000800.00020000.00000000.sdmp, Syncro.Installer.exe, 00000002.00000002.2316441248.0000021C10001000.00000004.00000800.00020000.00000000.sdmp, Syncro.Installer.exe, 00000002.00000002.2323006385.0000021C755C0000.00000004.08000000.00040000.00000000.sdmp, Syncro.Overmind.Service.exe, 0000000E.00000002.2467329958.0000017216854000.00000004.00000800.00020000.00000000.sdmp, Syncro.Overmind.Service.exe, 0000000E.00000002.2467329958.00000172165C9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.newtonsoft.com/json
Source: Syncro.Overmind.Service.exe, 0000000E.00000002.2467329958.00000172165C9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.newtonsoft.com/jsonschema
Source: Syncro.Installer.exe, 00000002.00000002.2309646185.0000021C0010A000.00000004.00000800.00020000.00000000.sdmp, Syncro.Installer.exe, 00000002.00000002.2316441248.0000021C10001000.00000004.00000800.00020000.00000000.sdmp, Syncro.Installer.exe, 00000002.00000002.2323006385.0000021C755C0000.00000004.08000000.00040000.00000000.sdmp, Syncro.App.Runner.exe, 0000000D.00000002.2915904761.0000021356952000.00000002.00000001.01000000.00000020.sdmp, Syncro.Overmind.Service.exe, 0000000E.00000002.2467329958.0000017216854000.00000004.00000800.00020000.00000000.sdmp, Syncro.Overmind.Service.exe, 0000000E.00000002.2467329958.00000172165C9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.nuget.org/packages/Newtonsoft.Json.Bson
Source: INVOICE31401001340.exe, 00000000.00000002.2353079397.0000000013189000.00000004.00000800.00020000.00000000.sdmp, INVOICE31401001340.exe, 00000000.00000000.2120038499.0000000000672000.00000002.00000001.01000000.00000003.sdmp, Syncro.Installer.exe, 00000002.00000000.2130594520.0000021C72832000.00000002.00000001.01000000.00000006.sdmp String found in binary or memory: https://www.repairtechsolutions.com/documentation/kabuto/#managed_antivirus_add-on9Already
Source: INVOICE31401001340.exe, 00000000.00000002.2353079397.0000000013189000.00000004.00000800.00020000.00000000.sdmp, INVOICE31401001340.exe, 00000000.00000000.2120038499.0000000000672000.00000002.00000001.01000000.00000003.sdmp, Syncro.Installer.exe, 00000002.00000000.2130594520.0000021C72832000.00000002.00000001.01000000.00000006.sdmp String found in binary or memory: https://www.repairtechsolutions.com/documentation/kabuto/#monitoring_add-on
Source: unknown Network traffic detected: HTTP traffic on port 49817 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown Network traffic detected: HTTP traffic on port 49789 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49800 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49812 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49806 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49823 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown Network traffic detected: HTTP traffic on port 49790 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49828 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49805 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49830
Source: unknown Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49796 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49829
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown Network traffic detected: HTTP traffic on port 49811 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49828
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49706
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49827
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49826
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49825
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49703
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49824
Source: unknown Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49823
Source: unknown Network traffic detected: HTTP traffic on port 49771 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown Network traffic detected: HTTP traffic on port 49813 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown Network traffic detected: HTTP traffic on port 49785 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49807 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49791 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49802 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49830 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49797 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49801 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49824 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown Network traffic detected: HTTP traffic on port 49818 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49829 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown Network traffic detected: HTTP traffic on port 49792 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49745
Source: unknown Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49781 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49803 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49826 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49820 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49798 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49706 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49819 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49793 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49782 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49799
Source: unknown Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49798
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49797
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49796
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49794
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49793
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49792
Source: unknown Network traffic detected: HTTP traffic on port 49814 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49791
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49790
Source: unknown Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49825 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49808 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49789
Source: unknown Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49821
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49820
Source: unknown Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49819
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49818
Source: unknown Network traffic detected: HTTP traffic on port 49799 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49810 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49817
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49816
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49814
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49813
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49812
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49811
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49810
Source: unknown Network traffic detected: HTTP traffic on port 49816 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49794 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49827 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49809
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49808
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49807
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49806
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49805
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49804
Source: unknown Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49803
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49802
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49801
Source: unknown Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49800
Source: unknown Network traffic detected: HTTP traffic on port 49783 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49821 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49809 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49804 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown HTTPS traffic detected: 54.235.117.67:443 -> 192.168.2.6:49703 version: TLS 1.2
Source: unknown HTTPS traffic detected: 52.40.78.72:443 -> 192.168.2.6:49706 version: TLS 1.2
Source: unknown HTTPS traffic detected: 172.67.70.15:443 -> 192.168.2.6:49711 version: TLS 1.2
Source: unknown HTTPS traffic detected: 54.235.117.67:443 -> 192.168.2.6:49724 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.26.14.34:443 -> 192.168.2.6:49727 version: TLS 1.2
Source: unknown HTTPS traffic detected: 3.222.92.158:443 -> 192.168.2.6:49731 version: TLS 1.2
Source: unknown HTTPS traffic detected: 52.40.78.72:443 -> 192.168.2.6:49737 version: TLS 1.2
Source: unknown HTTPS traffic detected: 52.206.234.204:443 -> 192.168.2.6:49739 version: TLS 1.2
Source: unknown HTTPS traffic detected: 52.40.78.72:443 -> 192.168.2.6:49740 version: TLS 1.2
Source: unknown HTTPS traffic detected: 54.213.117.181:443 -> 192.168.2.6:49807 version: TLS 1.2
Source: unknown HTTPS traffic detected: 54.213.117.181:443 -> 192.168.2.6:49809 version: TLS 1.2
Source: unknown HTTPS traffic detected: 54.235.117.67:443 -> 192.168.2.6:49811 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.26.14.34:443 -> 192.168.2.6:49814 version: TLS 1.2
Source: unknown HTTPS traffic detected: 52.40.78.72:443 -> 192.168.2.6:49818 version: TLS 1.2
Source: unknown HTTPS traffic detected: 52.40.78.72:443 -> 192.168.2.6:49819 version: TLS 1.2
Source: unknown HTTPS traffic detected: 52.40.78.72:443 -> 192.168.2.6:49823 version: TLS 1.2
Source: unknown HTTPS traffic detected: 54.84.28.205:443 -> 192.168.2.6:49825 version: TLS 1.2

System Summary
barindex
Initial sample is a PE file and has a suspicious name
Source: initial sample Static PE information: Filename: INVOICE31401001340.exe
Contains functionality to launch a process as a different user
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Code function: 9_2_00007FFD34E6A7B8 CreateProcessAsUserW, 9_2_00007FFD34E6A7B8
Creates driver files
Source: C:\Program Files\RepairTech\LiveAgent\SyncroLive.Agent.Runner.exe File created: C:\Program Files\RepairTech\LiveAgent\app-0.0.68.15635\OpenHardwareMonitorLib.sys
Creates files inside the system directory
Source: C:\Windows\System32\svchost.exe File created: C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe File created: C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\Syncro.Service.Runner.exe.log Jump to behavior
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe File created: C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\Syncro.Overmind.Service.exe.log
Deletes files inside the Windows folder
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe File deleted: C:\Windows\Temp\.squirrel-lock-7A0B58A6894AA1EDC6355A09A90118E336F92621 Jump to behavior
Detected potential crypto function
Source: C:\Users\user\Desktop\INVOICE31401001340.exe Code function: 0_2_00007FFD348A0AF8 0_2_00007FFD348A0AF8
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Code function: 2_2_00007FFD348A5700 2_2_00007FFD348A5700
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Code function: 2_2_00007FFD348AEE75 2_2_00007FFD348AEE75
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Code function: 2_2_00007FFD348C4E90 2_2_00007FFD348C4E90
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Code function: 2_2_00007FFD34894FD7 2_2_00007FFD34894FD7
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Code function: 2_2_00007FFD348A57D3 2_2_00007FFD348A57D3
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Code function: 2_2_00007FFD34897B50 2_2_00007FFD34897B50
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Code function: 2_2_00007FFD348AC6FB 2_2_00007FFD348AC6FB
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Code function: 2_2_00007FFD348937D3 2_2_00007FFD348937D3
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Code function: 2_2_00007FFD348B0118 2_2_00007FFD348B0118
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Code function: 2_2_00007FFD34896978 2_2_00007FFD34896978
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Code function: 2_2_00007FFD34893350 2_2_00007FFD34893350
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Code function: 2_2_00007FFD348A629A 2_2_00007FFD348A629A
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Code function: 2_2_00007FFD348AC440 2_2_00007FFD348AC440
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Code function: 2_2_00007FFD34898B78 2_2_00007FFD34898B78
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Code function: 2_2_00007FFD34898B80 2_2_00007FFD34898B80
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Code function: 2_2_00007FFD34898BA8 2_2_00007FFD34898BA8
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Code function: 2_2_00007FFD34B3B660 2_2_00007FFD34B3B660
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Code function: 2_2_00007FFD34B4113A 2_2_00007FFD34B4113A
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Code function: 2_2_00007FFD34B42085 2_2_00007FFD34B42085
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Code function: 2_2_00007FFD34B41298 2_2_00007FFD34B41298
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Code function: 2_2_00007FFD348A8CF9 2_2_00007FFD348A8CF9
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Code function: 9_2_00007FFD348B3508 9_2_00007FFD348B3508
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Code function: 9_2_00007FFD348C25F2 9_2_00007FFD348C25F2
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Code function: 9_2_00007FFD348CAEE0 9_2_00007FFD348CAEE0
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Code function: 9_2_00007FFD348C3F80 9_2_00007FFD348C3F80
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Code function: 9_2_00007FFD348B7070 9_2_00007FFD348B7070
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Code function: 9_2_00007FFD348C5060 9_2_00007FFD348C5060
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Code function: 9_2_00007FFD348B6250 9_2_00007FFD348B6250
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Code function: 9_2_00007FFD348C6C10 9_2_00007FFD348C6C10
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Code function: 9_2_00007FFD348CEC58 9_2_00007FFD348CEC58
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Code function: 9_2_00007FFD348B4D10 9_2_00007FFD348B4D10
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Code function: 9_2_00007FFD348BF6EF 9_2_00007FFD348BF6EF
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Code function: 9_2_00007FFD348C26F2 9_2_00007FFD348C26F2
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Code function: 9_2_00007FFD348C26D3 9_2_00007FFD348C26D3
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Code function: 9_2_00007FFD348BE7FA 9_2_00007FFD348BE7FA
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Code function: 9_2_00007FFD348BE7CD 9_2_00007FFD348BE7CD
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Code function: 9_2_00007FFD348B932D 9_2_00007FFD348B932D
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Code function: 9_2_00007FFD348BAAD3 9_2_00007FFD348BAAD3
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Code function: 9_2_00007FFD348BC3F3 9_2_00007FFD348BC3F3
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Code function: 9_2_00007FFD34B4AAE2 9_2_00007FFD34B4AAE2
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Code function: 9_2_00007FFD34B476F5 9_2_00007FFD34B476F5
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Code function: 9_2_00007FFD34B49EFF 9_2_00007FFD34B49EFF
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Code function: 9_2_00007FFD34B43034 9_2_00007FFD34B43034
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Code function: 9_2_00007FFD34B43450 9_2_00007FFD34B43450
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Code function: 9_2_00007FFD34B4C3FB 9_2_00007FFD34B4C3FB
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Code function: 9_2_00007FFD34B4C652 9_2_00007FFD34B4C652
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Code function: 9_2_00007FFD34B78477 9_2_00007FFD34B78477
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Code function: 9_2_00007FFD34B7DDC9 9_2_00007FFD34B7DDC9
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Code function: 9_2_00007FFD34B7057F 9_2_00007FFD34B7057F
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Code function: 9_2_00007FFD34B9CF58 9_2_00007FFD34B9CF58
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Code function: 9_2_00007FFD34B7C110 9_2_00007FFD34B7C110
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Code function: 9_2_00007FFD34B73A40 9_2_00007FFD34B73A40
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Code function: 9_2_00007FFD34B796F2 9_2_00007FFD34B796F2
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Code function: 9_2_00007FFD34B838EB 9_2_00007FFD34B838EB
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Code function: 9_2_00007FFD34B71BA2 9_2_00007FFD34B71BA2
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Code function: 9_2_00007FFD34E75C9D 9_2_00007FFD34E75C9D
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Code function: 9_2_00007FFD34E6C250 9_2_00007FFD34E6C250
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Code function: 9_2_00007FFD34E661C0 9_2_00007FFD34E661C0
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Code function: 9_2_00007FFD34E72AFA 9_2_00007FFD34E72AFA
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Code function: 9_2_00007FFD34E6ACF2 9_2_00007FFD34E6ACF2
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Code function: 9_2_00007FFD34E68CB8 9_2_00007FFD34E68CB8
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Code function: 9_2_00007FFD34E685E5 9_2_00007FFD34E685E5
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Code function: 9_2_00007FFD34E6000A 9_2_00007FFD34E6000A
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Code function: 9_2_00007FFD34E7A7FA 9_2_00007FFD34E7A7FA
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Code function: 9_2_00007FFD34E60FCD 9_2_00007FFD34E60FCD
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Code function: 9_2_00007FFD34E730FA 9_2_00007FFD34E730FA
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Code function: 9_2_00007FFD34E60070 9_2_00007FFD34E60070
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Code function: 9_2_00007FFD34E6ABF0 9_2_00007FFD34E6ABF0
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Code function: 9_2_00007FFD34E62380 9_2_00007FFD34E62380
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Code function: 9_2_00007FFD34FCA8C9 9_2_00007FFD34FCA8C9
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Code function: 9_2_00007FFD351B59A5 9_2_00007FFD351B59A5
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Code function: 9_2_00007FFD351B69F9 9_2_00007FFD351B69F9
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Code function: 9_2_00007FFD352888C8 9_2_00007FFD352888C8
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Code function: 9_2_00007FFD352834A1 9_2_00007FFD352834A1
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Code function: 9_2_00007FFD35286919 9_2_00007FFD35286919
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Code function: 9_2_00007FFD35284918 9_2_00007FFD35284918
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Code function: 9_2_00007FFD35285385 9_2_00007FFD35285385
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Code function: 9_2_00007FFD35291B45 9_2_00007FFD35291B45
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Code function: 9_2_00007FFD35284910 9_2_00007FFD35284910
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Code function: 9_2_00007FFD35284905 9_2_00007FFD35284905
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Code function: 9_2_00007FFD35284710 9_2_00007FFD35284710
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Code function: 9_2_00007FFD3542BCBC 9_2_00007FFD3542BCBC
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Code function: 9_2_00007FFD3543048C 9_2_00007FFD3543048C
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Code function: 9_2_00007FFD35421430 9_2_00007FFD35421430
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Code function: 9_2_00007FFD354223F6 9_2_00007FFD354223F6
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Code function: 9_2_00007FFD35421818 9_2_00007FFD35421818
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Code function: 9_2_00007FFD35428B09 9_2_00007FFD35428B09
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Code function: 9_2_00007FFD35430525 9_2_00007FFD35430525
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Code function: 9_2_00007FFD35426BDA 9_2_00007FFD35426BDA
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Code function: 13_2_00007FFD348B5C81 13_2_00007FFD348B5C81
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Code function: 13_2_00007FFD348A6E10 13_2_00007FFD348A6E10
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Code function: 13_2_00007FFD348C8748 13_2_00007FFD348C8748
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Code function: 13_2_00007FFD348A4826 13_2_00007FFD348A4826
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Code function: 13_2_00007FFD348C4230 13_2_00007FFD348C4230
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Code function: 13_2_00007FFD348C11C5 13_2_00007FFD348C11C5
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Code function: 13_2_00007FFD348C53F8 13_2_00007FFD348C53F8
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Code function: 13_2_00007FFD348A6440 13_2_00007FFD348A6440
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Code function: 13_2_00007FFD348AF4A0 13_2_00007FFD348AF4A0
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Code function: 13_2_00007FFD348B3F69 13_2_00007FFD348B3F69
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Code function: 13_2_00007FFD348A1110 13_2_00007FFD348A1110
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Code function: 13_2_00007FFD348A11F8 13_2_00007FFD348A11F8
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Code function: 13_2_00007FFD348B3A70 13_2_00007FFD348B3A70
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Code function: 13_2_00007FFD34AB6F60 13_2_00007FFD34AB6F60
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Code function: 13_2_00007FFD34AB4224 13_2_00007FFD34AB4224
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Code function: 13_2_00007FFD34B7B645 13_2_00007FFD34B7B645
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Code function: 13_2_00007FFD34B77574 13_2_00007FFD34B77574
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Code function: 13_2_00007FFD34B8205C 13_2_00007FFD34B8205C
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Code function: 13_2_00007FFD34B709A0 13_2_00007FFD34B709A0
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Code function: 13_2_00007FFD34B74169 13_2_00007FFD34B74169
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Code function: 13_2_00007FFD34B78279 13_2_00007FFD34B78279
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Code function: 13_2_00007FFD34B85879 13_2_00007FFD34B85879
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Code function: 14_2_00007FFD348B31F0 14_2_00007FFD348B31F0
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Code function: 14_2_00007FFD348AFAF2 14_2_00007FFD348AFAF2
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Code function: 14_2_00007FFD348B6AE4 14_2_00007FFD348B6AE4
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Code function: 14_2_00007FFD348B6290 14_2_00007FFD348B6290
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Code function: 14_2_00007FFD348BA42C 14_2_00007FFD348BA42C
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Code function: 14_2_00007FFD348A9DFB 14_2_00007FFD348A9DFB
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Code function: 14_2_00007FFD348B0F28 14_2_00007FFD348B0F28
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Code function: 14_2_00007FFD348AFFD3 14_2_00007FFD348AFFD3
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Code function: 14_2_00007FFD348A1928 14_2_00007FFD348A1928
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Code function: 14_2_00007FFD348A1948 14_2_00007FFD348A1948
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Code function: 14_2_00007FFD348B11FA 14_2_00007FFD348B11FA
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Code function: 14_2_00007FFD348B11D1 14_2_00007FFD348B11D1
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Code function: 14_2_00007FFD348B9BF2 14_2_00007FFD348B9BF2
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Code function: 18_2_00007FFD348B5688 18_2_00007FFD348B5688
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Code function: 18_2_00007FFD348CF6D8 18_2_00007FFD348CF6D8
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Code function: 18_2_00007FFD34894826 18_2_00007FFD34894826
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Code function: 18_2_00007FFD348B41C8 18_2_00007FFD348B41C8
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Code function: 18_2_00007FFD34896440 18_2_00007FFD34896440
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Code function: 18_2_00007FFD348CDD08 18_2_00007FFD348CDD08
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Code function: 18_2_00007FFD34896E10 18_2_00007FFD34896E10
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Code function: 18_2_00007FFD348A5EA1 18_2_00007FFD348A5EA1
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Code function: 18_2_00007FFD348B3FFA 18_2_00007FFD348B3FFA
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Code function: 18_2_00007FFD348B8028 18_2_00007FFD348B8028
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Code function: 18_2_00007FFD348D68C0 18_2_00007FFD348D68C0
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Code function: 18_2_00007FFD348B8A38 18_2_00007FFD348B8A38
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Code function: 18_2_00007FFD348A7AD3 18_2_00007FFD348A7AD3
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Code function: 18_2_00007FFD348A5518 18_2_00007FFD348A5518
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Code function: 18_2_00007FFD348A5528 18_2_00007FFD348A5528
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Code function: 18_2_00007FFD348A5540 18_2_00007FFD348A5540
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Code function: 18_2_00007FFD348A5598 18_2_00007FFD348A5598
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Code function: 18_2_00007FFD348A5580 18_2_00007FFD348A5580
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Code function: 18_2_00007FFD3489F6C0 18_2_00007FFD3489F6C0
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Code function: 18_2_00007FFD34891110 18_2_00007FFD34891110
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Code function: 18_2_00007FFD348A509E 18_2_00007FFD348A509E
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Code function: 18_2_00007FFD348911F8 18_2_00007FFD348911F8
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Code function: 18_2_00007FFD348B41D3 18_2_00007FFD348B41D3
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Code function: 18_2_00007FFD348B2C7D 18_2_00007FFD348B2C7D
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Code function: 18_2_00007FFD348B5DFA 18_2_00007FFD348B5DFA
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Code function: 18_2_00007FFD348B2DD3 18_2_00007FFD348B2DD3
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Code function: 18_2_00007FFD348B2ED3 18_2_00007FFD348B2ED3
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Code function: 18_2_00007FFD348BABF2 18_2_00007FFD348BABF2
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Code function: 18_2_00007FFD348B2C2D 18_2_00007FFD348B2C2D
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Code function: 18_2_00007FFD348B1C24 18_2_00007FFD348B1C24
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Code function: 18_2_00007FFD34AA923C 18_2_00007FFD34AA923C
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Code function: 18_2_00007FFD34AA4624 18_2_00007FFD34AA4624
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Code function: 18_2_00007FFD34AA5A00 18_2_00007FFD34AA5A00
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Code function: 18_2_00007FFD34AA11CD 18_2_00007FFD34AA11CD
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Code function: 18_2_00007FFD34B60E30 18_2_00007FFD34B60E30
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Code function: 18_2_00007FFD34B645F9 18_2_00007FFD34B645F9
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Code function: 18_2_00007FFD34B687CE 18_2_00007FFD34B687CE
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Code function: 18_2_00007FFD34B67A04 18_2_00007FFD34B67A04
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Code function: 18_2_00007FFD34B731FE 18_2_00007FFD34B731FE
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Code function: 18_2_00007FFD34B639D7 18_2_00007FFD34B639D7
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Code function: 18_2_00007FFD34B6BAD5 18_2_00007FFD34B6BAD5
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Code function: 18_2_00007FFD34B6CBE5 18_2_00007FFD34B6CBE5
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Code function: 18_2_00007FFD34B76BAB 18_2_00007FFD34B76BAB
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Code function: 20_2_00007FFD348C4400 20_2_00007FFD348C4400
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Code function: 20_2_00007FFD348C6E10 20_2_00007FFD348C6E10
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Code function: 20_2_00007FFD348E8028 20_2_00007FFD348E8028
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Code function: 20_2_00007FFD348C3FC8 20_2_00007FFD348C3FC8
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Code function: 20_2_00007FFD348C4888 20_2_00007FFD348C4888
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Code function: 20_2_00007FFD348E8A38 20_2_00007FFD348E8A38
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Code function: 20_2_00007FFD348DC625 20_2_00007FFD348DC625
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Code function: 20_2_00007FFD348DD568 20_2_00007FFD348DD568
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Code function: 20_2_00007FFD348C1110 20_2_00007FFD348C1110
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Code function: 20_2_00007FFD348D509E 20_2_00007FFD348D509E
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Code function: 20_2_00007FFD348DA2ED 20_2_00007FFD348DA2ED
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Code function: 20_2_00007FFD348DF2C0 20_2_00007FFD348DF2C0
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Code function: 20_2_00007FFD348E2C7D 20_2_00007FFD348E2C7D
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Code function: 20_2_00007FFD348E2DD3 20_2_00007FFD348E2DD3
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Code function: 20_2_00007FFD348E2EFA 20_2_00007FFD348E2EFA
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Code function: 20_2_00007FFD348E2ED3 20_2_00007FFD348E2ED3
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Code function: 20_2_00007FFD348E3FFA 20_2_00007FFD348E3FFA
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Code function: 20_2_00007FFD348E2C2D 20_2_00007FFD348E2C2D
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Code function: 20_2_00007FFD34AD470D 20_2_00007FFD34AD470D
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Code function: 20_2_00007FFD34AD59D1 20_2_00007FFD34AD59D1
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Code function: 20_2_00007FFD34B987CE 20_2_00007FFD34B987CE
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Code function: 20_2_00007FFD34B97A04 20_2_00007FFD34B97A04
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Code function: 20_2_00007FFD34B939D7 20_2_00007FFD34B939D7
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Code function: 20_2_00007FFD34B91392 20_2_00007FFD34B91392
Dropped file seen in connection with other malware
Source: Joe Sandbox View Dropped File: C:\Program Files\RepairTech\LiveAgent\SyncroLive.Agent.Runner.exe 325AA1C85357ADA0424FE95F03680A2257B0A17653E3F6F5E09D6CF46432F250
Source: Joe Sandbox View Dropped File: C:\Program Files\RepairTech\LiveAgent\SyncroLive.Service.Runner.exe 6EE07DF2E812AAA442A633361DCCEBA5389D1701FA29C0A6D5F73E749CB74292
Enables security privileges
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Process token adjusted: Security Jump to behavior
PE file contains strange resources
Source: Syncro.Service.Configuration.dll.2.dr Static PE information: Resource name: RT_VERSION type: MacBinary, comment length 97, char. code 0x69, total length 1711304448, Wed Mar 28 22:22:24 2040 INVALID date, modified Tue Feb 7 01:41:58 2040, creator ' ' "4"
Sample file is different than original file name gathered from version info
Source: INVOICE31401001340.exe, 00000000.00000002.2353079397.0000000013189000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameSyncro.App.Runner.exe. vs INVOICE31401001340.exe
Source: INVOICE31401001340.exe, 00000000.00000002.2353079397.0000000013189000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameSyncro.Service.Runner.exe. vs INVOICE31401001340.exe
Source: INVOICE31401001340.exe, 00000000.00000002.2353079397.0000000013189000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: originalFileName vs INVOICE31401001340.exe
Source: INVOICE31401001340.exe, 00000000.00000002.2353079397.0000000013189000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameUpdate.exe. vs INVOICE31401001340.exe
Source: INVOICE31401001340.exe, 00000000.00000002.2353079397.0000000013189000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameSyncro.Installer.exe. vs INVOICE31401001340.exe
Source: INVOICE31401001340.exe, 00000000.00000000.2120038499.0000000000672000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenameSyncro.App.Runner.exe. vs INVOICE31401001340.exe
Source: INVOICE31401001340.exe, 00000000.00000000.2120038499.0000000000672000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenameSyncro.Service.Runner.exe. vs INVOICE31401001340.exe
Source: INVOICE31401001340.exe, 00000000.00000000.2120038499.0000000000672000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: originalFileName vs INVOICE31401001340.exe
Source: INVOICE31401001340.exe, 00000000.00000000.2120038499.0000000000672000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenameUpdate.exe. vs INVOICE31401001340.exe
Source: INVOICE31401001340.exe, 00000000.00000000.2120038499.0000000000672000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenameSyncro.Installer.exe. vs INVOICE31401001340.exe
Source: INVOICE31401001340.exe, 00000000.00000000.2121013809.0000000000D7C000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenameInstaller.exe. vs INVOICE31401001340.exe
Source: INVOICE31401001340.exe Binary or memory string: OriginalFilenameSyncro.App.Runner.exe. vs INVOICE31401001340.exe
Source: INVOICE31401001340.exe Binary or memory string: OriginalFilenameSyncro.Service.Runner.exe. vs INVOICE31401001340.exe
Source: INVOICE31401001340.exe Binary or memory string: originalFileName vs INVOICE31401001340.exe
Tries to load missing DLLs
Source: C:\Users\user\Desktop\INVOICE31401001340.exe Section loaded: mscoree.dll Jump to behavior
Source: C:\Users\user\Desktop\INVOICE31401001340.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Users\user\Desktop\INVOICE31401001340.exe Section loaded: version.dll Jump to behavior
Source: C:\Users\user\Desktop\INVOICE31401001340.exe Section loaded: vcruntime140_clr0400.dll Jump to behavior
Source: C:\Users\user\Desktop\INVOICE31401001340.exe Section loaded: ucrtbase_clr0400.dll Jump to behavior
Source: C:\Users\user\Desktop\INVOICE31401001340.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Users\user\Desktop\INVOICE31401001340.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Users\user\Desktop\INVOICE31401001340.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Users\user\Desktop\INVOICE31401001340.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Users\user\Desktop\INVOICE31401001340.exe Section loaded: propsys.dll Jump to behavior
Source: C:\Users\user\Desktop\INVOICE31401001340.exe Section loaded: edputil.dll Jump to behavior
Source: C:\Users\user\Desktop\INVOICE31401001340.exe Section loaded: urlmon.dll Jump to behavior
Source: C:\Users\user\Desktop\INVOICE31401001340.exe Section loaded: iertutil.dll Jump to behavior
Source: C:\Users\user\Desktop\INVOICE31401001340.exe Section loaded: srvcli.dll Jump to behavior
Source: C:\Users\user\Desktop\INVOICE31401001340.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Users\user\Desktop\INVOICE31401001340.exe Section loaded: windows.staterepositoryps.dll Jump to behavior
Source: C:\Users\user\Desktop\INVOICE31401001340.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Users\user\Desktop\INVOICE31401001340.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Users\user\Desktop\INVOICE31401001340.exe Section loaded: appresolver.dll Jump to behavior
Source: C:\Users\user\Desktop\INVOICE31401001340.exe Section loaded: bcp47langs.dll Jump to behavior
Source: C:\Users\user\Desktop\INVOICE31401001340.exe Section loaded: slc.dll Jump to behavior
Source: C:\Users\user\Desktop\INVOICE31401001340.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Users\user\Desktop\INVOICE31401001340.exe Section loaded: sppc.dll Jump to behavior
Source: C:\Users\user\Desktop\INVOICE31401001340.exe Section loaded: onecorecommonproxystub.dll Jump to behavior
Source: C:\Users\user\Desktop\INVOICE31401001340.exe Section loaded: onecoreuapcommonproxystub.dll Jump to behavior
Source: C:\Users\user\Desktop\INVOICE31401001340.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Section loaded: mscoree.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Section loaded: version.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Section loaded: vcruntime140_clr0400.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Section loaded: ucrtbase_clr0400.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Section loaded: ucrtbase_clr0400.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Section loaded: amsi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Section loaded: cryptsp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Section loaded: rsaenh.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Section loaded: cryptbase.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Section loaded: msasn1.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Section loaded: gpapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Section loaded: rasapi32.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Section loaded: rasman.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Section loaded: rtutils.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Section loaded: mswsock.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Section loaded: winhttp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Section loaded: ondemandconnroutehelper.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Section loaded: iphlpapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Section loaded: dhcpcsvc6.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Section loaded: dhcpcsvc.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Section loaded: dnsapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Section loaded: winnsi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Section loaded: rasadhlp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Section loaded: fwpuclnt.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Section loaded: secur32.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Section loaded: schannel.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Section loaded: mskeyprotect.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Section loaded: ntasn1.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Section loaded: ncrypt.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Section loaded: ncryptsslp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Section loaded: dwrite.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Section loaded: textinputframework.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Section loaded: coreuicomponents.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Section loaded: coremessaging.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Section loaded: ntmarta.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Section loaded: textshaping.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Section loaded: usoapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Section loaded: updatepolicy.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Section loaded: cabinet.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Windows\System32\svchost.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Windows\System32\svchost.exe Section loaded: qmgr.dll Jump to behavior
Source: C:\Windows\System32\svchost.exe Section loaded: bitsperf.dll Jump to behavior
Source: C:\Windows\System32\svchost.exe Section loaded: powrprof.dll Jump to behavior
Source: C:\Windows\System32\svchost.exe Section loaded: xmllite.dll Jump to behavior
Source: C:\Windows\System32\svchost.exe Section loaded: firewallapi.dll Jump to behavior
Source: C:\Windows\System32\svchost.exe Section loaded: esent.dll Jump to behavior
Source: C:\Windows\System32\svchost.exe Section loaded: umpdc.dll Jump to behavior
Source: C:\Windows\System32\svchost.exe Section loaded: dnsapi.dll Jump to behavior
Source: C:\Windows\System32\svchost.exe Section loaded: iphlpapi.dll Jump to behavior
Source: C:\Windows\System32\svchost.exe Section loaded: fwbase.dll Jump to behavior
Source: C:\Windows\System32\svchost.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Windows\System32\svchost.exe Section loaded: ntmarta.dll Jump to behavior
Source: C:\Windows\System32\svchost.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Windows\System32\svchost.exe Section loaded: flightsettings.dll Jump to behavior
Source: C:\Windows\System32\svchost.exe Section loaded: policymanager.dll Jump to behavior
Source: C:\Windows\System32\svchost.exe Section loaded: msvcp110_win.dll Jump to behavior
Source: C:\Windows\System32\svchost.exe Section loaded: netprofm.dll Jump to behavior
Source: C:\Windows\System32\svchost.exe Section loaded: npmproxy.dll Jump to behavior
Source: C:\Windows\System32\svchost.exe Section loaded: bitsigd.dll Jump to behavior
Source: C:\Windows\System32\svchost.exe Section loaded: upnp.dll Jump to behavior
Source: C:\Windows\System32\svchost.exe Section loaded: winhttp.dll Jump to behavior
Source: C:\Windows\System32\svchost.exe Section loaded: ssdpapi.dll Jump to behavior
Source: C:\Windows\System32\svchost.exe Section loaded: urlmon.dll Jump to behavior
Source: C:\Windows\System32\svchost.exe Section loaded: iertutil.dll Jump to behavior
Source: C:\Windows\System32\svchost.exe Section loaded: srvcli.dll Jump to behavior
Source: C:\Windows\System32\svchost.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Windows\System32\svchost.exe Section loaded: appxdeploymentclient.dll Jump to behavior
Source: C:\Windows\System32\svchost.exe Section loaded: cryptbase.dll Jump to behavior
Source: C:\Windows\System32\svchost.exe Section loaded: wsmauto.dll Jump to behavior
Source: C:\Windows\System32\svchost.exe Section loaded: miutils.dll Jump to behavior
Source: C:\Windows\System32\svchost.exe Section loaded: wsmsvc.dll Jump to behavior
Source: C:\Windows\System32\svchost.exe Section loaded: dsrole.dll Jump to behavior
Source: C:\Windows\System32\svchost.exe Section loaded: pcwum.dll Jump to behavior
Source: C:\Windows\System32\svchost.exe Section loaded: mi.dll Jump to behavior
Source: C:\Windows\System32\svchost.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Windows\System32\svchost.exe Section loaded: gpapi.dll Jump to behavior
Source: C:\Windows\System32\svchost.exe Section loaded: winhttp.dll Jump to behavior
Source: C:\Windows\System32\svchost.exe Section loaded: wkscli.dll Jump to behavior
Source: C:\Windows\System32\svchost.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Windows\System32\svchost.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Windows\System32\svchost.exe Section loaded: ondemandconnroutehelper.dll Jump to behavior
Source: C:\Windows\System32\svchost.exe Section loaded: msv1_0.dll Jump to behavior
Source: C:\Windows\System32\svchost.exe Section loaded: ntlmshared.dll Jump to behavior
Source: C:\Windows\System32\svchost.exe Section loaded: cryptdll.dll Jump to behavior
Source: C:\Windows\System32\svchost.exe Section loaded: webio.dll Jump to behavior
Source: C:\Windows\System32\svchost.exe Section loaded: mswsock.dll Jump to behavior
Source: C:\Windows\System32\svchost.exe Section loaded: winnsi.dll Jump to behavior
Source: C:\Windows\System32\svchost.exe Section loaded: rasadhlp.dll Jump to behavior
Source: C:\Windows\System32\svchost.exe Section loaded: fwpuclnt.dll Jump to behavior
Source: C:\Windows\System32\svchost.exe Section loaded: rmclient.dll Jump to behavior
Source: C:\Windows\System32\svchost.exe Section loaded: usermgrcli.dll Jump to behavior
Source: C:\Windows\System32\svchost.exe Section loaded: execmodelclient.dll Jump to behavior
Source: C:\Windows\System32\svchost.exe Section loaded: propsys.dll Jump to behavior
Source: C:\Windows\System32\svchost.exe Section loaded: coremessaging.dll Jump to behavior
Source: C:\Windows\System32\svchost.exe Section loaded: twinapi.appcore.dll Jump to behavior
Source: C:\Windows\System32\svchost.exe Section loaded: onecorecommonproxystub.dll Jump to behavior
Source: C:\Windows\System32\svchost.exe Section loaded: execmodelproxy.dll Jump to behavior
Source: C:\Windows\System32\svchost.exe Section loaded: resourcepolicyclient.dll Jump to behavior
Source: C:\Windows\System32\svchost.exe Section loaded: vssapi.dll Jump to behavior
Source: C:\Windows\System32\svchost.exe Section loaded: vsstrace.dll Jump to behavior
Source: C:\Windows\System32\svchost.exe Section loaded: samcli.dll Jump to behavior
Source: C:\Windows\System32\svchost.exe Section loaded: samlib.dll Jump to behavior
Source: C:\Windows\System32\svchost.exe Section loaded: es.dll Jump to behavior
Source: C:\Windows\System32\svchost.exe Section loaded: bitsproxy.dll Jump to behavior
Source: C:\Windows\System32\svchost.exe Section loaded: ondemandconnroutehelper.dll Jump to behavior
Source: C:\Windows\System32\svchost.exe Section loaded: dhcpcsvc6.dll Jump to behavior
Source: C:\Windows\System32\svchost.exe Section loaded: dhcpcsvc.dll Jump to behavior
Source: C:\Windows\System32\svchost.exe Section loaded: schannel.dll Jump to behavior
Source: C:\Windows\System32\svchost.exe Section loaded: mskeyprotect.dll Jump to behavior
Source: C:\Windows\System32\svchost.exe Section loaded: ntasn1.dll Jump to behavior
Source: C:\Windows\System32\svchost.exe Section loaded: ncrypt.dll Jump to behavior
Source: C:\Windows\System32\svchost.exe Section loaded: ncryptsslp.dll Jump to behavior
Source: C:\Windows\System32\svchost.exe Section loaded: msasn1.dll Jump to behavior
Source: C:\Windows\System32\svchost.exe Section loaded: cryptsp.dll Jump to behavior
Source: C:\Windows\System32\svchost.exe Section loaded: rsaenh.dll Jump to behavior
Source: C:\Windows\System32\svchost.exe Section loaded: dpapi.dll Jump to behavior
Source: C:\Windows\System32\svchost.exe Section loaded: mpr.dll Jump to behavior
Source: C:\Windows\System32\cmd.exe Section loaded: cmdext.dll Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\InstallUtil.exe Section loaded: mscoree.dll Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\InstallUtil.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\InstallUtil.exe Section loaded: version.dll Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\InstallUtil.exe Section loaded: vcruntime140_clr0400.dll Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\InstallUtil.exe Section loaded: ucrtbase_clr0400.dll Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\InstallUtil.exe Section loaded: ucrtbase_clr0400.dll Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\InstallUtil.exe Section loaded: urlmon.dll Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\InstallUtil.exe Section loaded: iertutil.dll Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\InstallUtil.exe Section loaded: srvcli.dll Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\InstallUtil.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\InstallUtil.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\InstallUtil.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\InstallUtil.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\InstallUtil.exe Section loaded: propsys.dll Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\InstallUtil.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\InstallUtil.exe Section loaded: cryptsp.dll Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\InstallUtil.exe Section loaded: rsaenh.dll Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\InstallUtil.exe Section loaded: cryptbase.dll Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Section loaded: mscoree.dll Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Section loaded: version.dll Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Section loaded: vcruntime140_clr0400.dll Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Section loaded: ucrtbase_clr0400.dll Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Section loaded: urlmon.dll Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Section loaded: iertutil.dll Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Section loaded: srvcli.dll Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Section loaded: propsys.dll Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Section loaded: cryptsp.dll Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Section loaded: rsaenh.dll Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Section loaded: cryptbase.dll Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Section loaded: taskschd.dll Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Section loaded: xmllite.dll Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Section loaded: mswsock.dll Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Section loaded: dnsapi.dll Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Section loaded: iphlpapi.dll Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Section loaded: rasadhlp.dll Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Section loaded: fwpuclnt.dll Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Section loaded: wtsapi32.dll Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Section loaded: winsta.dll Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Section loaded: sxs.dll Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Section loaded: firewallapi.dll Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Section loaded: fwbase.dll Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Section loaded: fwpolicyiomgr.dll Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Section loaded: ntmarta.dll Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Section loaded: secur32.dll Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Section loaded: msv1_0.dll Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Section loaded: ntlmshared.dll Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Section loaded: cryptdll.dll Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Section loaded: dhcpcsvc6.dll Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Section loaded: dhcpcsvc.dll Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Section loaded: winnsi.dll Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Section loaded: rasapi32.dll Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Section loaded: rasman.dll Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Section loaded: rtutils.dll Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Section loaded: winhttp.dll Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Section loaded: ondemandconnroutehelper.dll Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Section loaded: schannel.dll Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Section loaded: mskeyprotect.dll Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Section loaded: ntasn1.dll Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Section loaded: ncrypt.dll Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Section loaded: ncryptsslp.dll Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Section loaded: msasn1.dll Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Section loaded: gpapi.dll Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Section loaded: amsi.dll Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Section loaded: ntdsapi.dll Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Section loaded: netapi32.dll Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Section loaded: logoncli.dll Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Section loaded: mscoree.dll
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Section loaded: apphelp.dll
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Section loaded: kernel.appcore.dll
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Section loaded: version.dll
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Section loaded: vcruntime140_clr0400.dll
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Section loaded: uxtheme.dll
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Section loaded: urlmon.dll
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Section loaded: iertutil.dll
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Section loaded: srvcli.dll
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Section loaded: netutils.dll
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Section loaded: sspicli.dll
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Section loaded: windows.storage.dll
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Section loaded: wldp.dll
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Section loaded: propsys.dll
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Section loaded: cryptsp.dll
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Section loaded: rsaenh.dll
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Section loaded: cryptbase.dll
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Section loaded: dwrite.dll
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Section loaded: msvcp140_clr0400.dll
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Section loaded: profapi.dll
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Section loaded: secur32.dll
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Section loaded: msv1_0.dll
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Section loaded: ntlmshared.dll
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Section loaded: cryptdll.dll
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Section loaded: windowscodecs.dll
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Section loaded: textshaping.dll
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Section loaded: wevtapi.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Section loaded: mscoree.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Section loaded: apphelp.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Section loaded: kernel.appcore.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Section loaded: version.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Section loaded: vcruntime140_clr0400.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Section loaded: wldp.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Section loaded: amsi.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Section loaded: userenv.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Section loaded: profapi.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Section loaded: cryptsp.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Section loaded: rsaenh.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Section loaded: cryptbase.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Section loaded: windows.storage.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Section loaded: iphlpapi.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Section loaded: dnsapi.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Section loaded: dhcpcsvc6.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Section loaded: dhcpcsvc.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Section loaded: winnsi.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Section loaded: mscoree.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Section loaded: kernel.appcore.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Section loaded: version.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Section loaded: vcruntime140_clr0400.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Section loaded: wldp.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Section loaded: amsi.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Section loaded: userenv.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Section loaded: profapi.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Section loaded: cryptsp.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Section loaded: rsaenh.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Section loaded: cryptbase.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Section loaded: windows.storage.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Section loaded: iphlpapi.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Section loaded: dnsapi.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Section loaded: dhcpcsvc6.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Section loaded: dhcpcsvc.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Section loaded: winnsi.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Section loaded: rasapi32.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Section loaded: rasman.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Section loaded: rtutils.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Section loaded: mswsock.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Section loaded: winhttp.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Section loaded: ondemandconnroutehelper.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Section loaded: rasadhlp.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Section loaded: fwpuclnt.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Section loaded: secur32.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Section loaded: sspicli.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Section loaded: schannel.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Section loaded: mskeyprotect.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Section loaded: ntasn1.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Section loaded: ncrypt.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Section loaded: ncryptsslp.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Section loaded: msasn1.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Section loaded: gpapi.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Section loaded: ntmarta.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Section loaded: msdelta.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Section loaded: rstrtmgr.dll
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Section loaded: mscoree.dll
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Section loaded: kernel.appcore.dll
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Section loaded: version.dll
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Section loaded: vcruntime140_clr0400.dll
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Section loaded: uxtheme.dll
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Section loaded: urlmon.dll
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Section loaded: iertutil.dll
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Section loaded: srvcli.dll
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Section loaded: netutils.dll
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Section loaded: sspicli.dll
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Section loaded: windows.storage.dll
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Section loaded: wldp.dll
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Section loaded: propsys.dll
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Section loaded: cryptsp.dll
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Section loaded: rsaenh.dll
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Section loaded: cryptbase.dll
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Section loaded: dwrite.dll
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Section loaded: msvcp140_clr0400.dll
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Section loaded: profapi.dll
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Section loaded: secur32.dll
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Section loaded: msv1_0.dll
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Section loaded: ntlmshared.dll
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Section loaded: cryptdll.dll
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Section loaded: windowscodecs.dll
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Section loaded: wevtapi.dll
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Section loaded: textshaping.dll
Source: C:\Windows\System32\svchost.exe Section loaded: smphost.dll
Source: C:\Windows\System32\svchost.exe Section loaded: mi.dll
Source: C:\Windows\System32\svchost.exe Section loaded: miutils.dll
Source: C:\Windows\System32\svchost.exe Section loaded: wldp.dll
Source: C:\Windows\System32\svchost.exe Section loaded: mispace.dll
Source: C:\Windows\System32\svchost.exe Section loaded: sxshared.dll
Source: C:\Windows\System32\svchost.exe Section loaded: sspicli.dll
Source: C:\Windows\System32\svchost.exe Section loaded: srvcli.dll
Source: C:\Windows\System32\svchost.exe Section loaded: netutils.dll
Source: C:\Windows\System32\svchost.exe Section loaded: wmiclnt.dll
Source: C:\Windows\System32\svchost.exe Section loaded: devobj.dll
Source: C:\Windows\System32\svchost.exe Section loaded: wevtapi.dll
Source: C:\Windows\System32\svchost.exe Section loaded: virtdisk.dll
Source: C:\Windows\System32\svchost.exe Section loaded: resutils.dll
Source: C:\Windows\System32\svchost.exe Section loaded: bcd.dll
Source: C:\Windows\System32\svchost.exe Section loaded: fltlib.dll
Source: C:\Windows\System32\svchost.exe Section loaded: clusapi.dll
Source: C:\Windows\System32\svchost.exe Section loaded: dnsapi.dll
Source: C:\Windows\System32\svchost.exe Section loaded: iphlpapi.dll
Source: C:\Windows\System32\svchost.exe Section loaded: wmidcom.dll
Source: C:\Windows\System32\svchost.exe Section loaded: dpapi.dll
Source: C:\Windows\System32\svchost.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\svchost.exe Section loaded: wmitomi.dll
Source: C:\Windows\System32\svchost.exe Section loaded: fastprox.dll
Source: C:\Windows\System32\svchost.exe Section loaded: wbemcomn.dll
Source: C:\Windows\System32\svchost.exe Section loaded: wbemcomn.dll
Source: C:\Windows\System32\svchost.exe Section loaded: amsi.dll
Source: C:\Windows\System32\svchost.exe Section loaded: userenv.dll
Source: C:\Windows\System32\svchost.exe Section loaded: profapi.dll
Source: C:\Windows\System32\svchost.exe Section loaded: wkscli.dll
Source: C:\Windows\System32\svchost.exe Section loaded: cscapi.dll
Source: C:\Windows\System32\svchost.exe Section loaded: fmifs.dll
Source: C:\Windows\System32\svchost.exe Section loaded: ulib.dll
Source: C:\Windows\System32\svchost.exe Section loaded: ifsutil.dll
Source: C:\Windows\System32\svchost.exe Section loaded: healthapi.dll
Source: C:\Windows\System32\svchost.exe Section loaded: healthapi.dll
Source: C:\Windows\System32\svchost.exe Section loaded: wsp_fs.dll
Source: C:\Windows\System32\svchost.exe Section loaded: ntmarta.dll
Source: C:\Windows\System32\svchost.exe Section loaded: netapi32.dll
Source: C:\Windows\System32\svchost.exe Section loaded: dsrole.dll
Source: C:\Windows\System32\svchost.exe Section loaded: cryptsp.dll
Source: C:\Windows\System32\svchost.exe Section loaded: sscore.dll
Source: C:\Windows\System32\svchost.exe Section loaded: ntdsapi.dll
Source: C:\Windows\System32\svchost.exe Section loaded: logoncli.dll
Source: C:\Windows\System32\svchost.exe Section loaded: wsp_sr.dll
Source: C:\Windows\System32\svchost.exe Section loaded: tdh.dll
Source: C:\Windows\System32\svchost.exe Section loaded: wsp_health.dll
Source: C:\Windows\System32\svchost.exe Section loaded: healthapi.dll
Source: C:\Windows\System32\svchost.exe Section loaded: healthapi.dll
Source: C:\Windows\System32\svchost.exe Section loaded: healthapi.dll
Source: C:\Windows\System32\svchost.exe Section loaded: healthapi.dll
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Section loaded: mscoree.dll
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Section loaded: kernel.appcore.dll
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Section loaded: version.dll
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Section loaded: vcruntime140_clr0400.dll
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Section loaded: uxtheme.dll
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Section loaded: urlmon.dll
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Section loaded: iertutil.dll
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Section loaded: srvcli.dll
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Section loaded: netutils.dll
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Section loaded: sspicli.dll
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Section loaded: windows.storage.dll
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Section loaded: wldp.dll
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Section loaded: propsys.dll
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Section loaded: cryptsp.dll
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Section loaded: rsaenh.dll
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Section loaded: cryptbase.dll
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Section loaded: dwrite.dll
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Section loaded: msvcp140_clr0400.dll
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Section loaded: profapi.dll
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Section loaded: secur32.dll
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Section loaded: msv1_0.dll
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Section loaded: ntlmshared.dll
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Section loaded: cryptdll.dll
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Section loaded: windowscodecs.dll
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Section loaded: wevtapi.dll
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Section loaded: textshaping.dll
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Section loaded: mscoree.dll
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Section loaded: kernel.appcore.dll
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Section loaded: version.dll
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Section loaded: vcruntime140_clr0400.dll
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Section loaded: uxtheme.dll
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Section loaded: urlmon.dll
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Section loaded: iertutil.dll
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Section loaded: srvcli.dll
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Section loaded: netutils.dll
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Section loaded: sspicli.dll
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Section loaded: windows.storage.dll
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Section loaded: wldp.dll
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Section loaded: propsys.dll
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Section loaded: cryptsp.dll
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Section loaded: rsaenh.dll
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Section loaded: cryptbase.dll
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Section loaded: dwrite.dll
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Section loaded: msvcp140_clr0400.dll
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Section loaded: profapi.dll
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Section loaded: secur32.dll
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Section loaded: msv1_0.dll
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Section loaded: ntlmshared.dll
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Section loaded: cryptdll.dll
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Section loaded: windowscodecs.dll
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Section loaded: wevtapi.dll
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Section loaded: textshaping.dll
Source: C:\Program Files\RepairTech\LiveAgent\SyncroLive.Service.Runner.exe Section loaded: mscoree.dll
Source: C:\Program Files\RepairTech\LiveAgent\SyncroLive.Service.Runner.exe Section loaded: kernel.appcore.dll
Source: C:\Program Files\RepairTech\LiveAgent\SyncroLive.Service.Runner.exe Section loaded: version.dll
Source: C:\Program Files\RepairTech\LiveAgent\SyncroLive.Service.Runner.exe Section loaded: vcruntime140_clr0400.dll
Source: C:\Program Files\RepairTech\LiveAgent\SyncroLive.Service.Runner.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Program Files\RepairTech\LiveAgent\SyncroLive.Service.Runner.exe Section loaded: urlmon.dll
Source: C:\Program Files\RepairTech\LiveAgent\SyncroLive.Service.Runner.exe Section loaded: iertutil.dll
Source: C:\Program Files\RepairTech\LiveAgent\SyncroLive.Service.Runner.exe Section loaded: srvcli.dll
Source: C:\Program Files\RepairTech\LiveAgent\SyncroLive.Service.Runner.exe Section loaded: netutils.dll
Source: C:\Program Files\RepairTech\LiveAgent\SyncroLive.Service.Runner.exe Section loaded: sspicli.dll
Source: C:\Program Files\RepairTech\LiveAgent\SyncroLive.Service.Runner.exe Section loaded: windows.storage.dll
Source: C:\Program Files\RepairTech\LiveAgent\SyncroLive.Service.Runner.exe Section loaded: wldp.dll
Source: C:\Program Files\RepairTech\LiveAgent\SyncroLive.Service.Runner.exe Section loaded: propsys.dll
Source: C:\Program Files\RepairTech\LiveAgent\SyncroLive.Service.Runner.exe Section loaded: cryptsp.dll
Source: C:\Program Files\RepairTech\LiveAgent\SyncroLive.Service.Runner.exe Section loaded: rsaenh.dll
Source: C:\Program Files\RepairTech\LiveAgent\SyncroLive.Service.Runner.exe Section loaded: cryptbase.dll
Source: C:\Program Files\RepairTech\LiveAgent\SyncroLive.Service.Runner.exe Section loaded: profapi.dll
Source: C:\Program Files\RepairTech\LiveAgent\SyncroLive.Service.Runner.exe Section loaded: sxs.dll
Source: C:\Program Files\RepairTech\LiveAgent\SyncroLive.Service.Runner.exe Section loaded: firewallapi.dll
Source: C:\Program Files\RepairTech\LiveAgent\SyncroLive.Service.Runner.exe Section loaded: dnsapi.dll
Source: C:\Program Files\RepairTech\LiveAgent\SyncroLive.Service.Runner.exe Section loaded: iphlpapi.dll
Source: C:\Program Files\RepairTech\LiveAgent\SyncroLive.Service.Runner.exe Section loaded: fwbase.dll
Source: C:\Program Files\RepairTech\LiveAgent\SyncroLive.Service.Runner.exe Section loaded: fwpolicyiomgr.dll
Source: C:\Program Files\RepairTech\LiveAgent\SyncroLive.Service.Runner.exe Section loaded: wtsapi32.dll
Source: C:\Program Files\RepairTech\LiveAgent\SyncroLive.Service.Runner.exe Section loaded: winsta.dll
Source: C:\Program Files\RepairTech\LiveAgent\SyncroLive.Service.Runner.exe Section loaded: userenv.dll
Source: C:\Program Files\RepairTech\LiveAgent\SyncroLive.Service.Runner.exe Section loaded: mswsock.dll
Source: C:\Program Files\RepairTech\LiveAgent\SyncroLive.Service.Runner.exe Section loaded: rasadhlp.dll
Source: C:\Program Files\RepairTech\LiveAgent\SyncroLive.Service.Runner.exe Section loaded: fwpuclnt.dll
Source: C:\Program Files\RepairTech\LiveAgent\SyncroLive.Service.Runner.exe Section loaded: apphelp.dll
Source: C:\Program Files\RepairTech\LiveAgent\SyncroLive.Service.Runner.exe Section loaded: secur32.dll
Source: C:\Program Files\RepairTech\LiveAgent\SyncroLive.Service.Runner.exe Section loaded: msv1_0.dll
Source: C:\Program Files\RepairTech\LiveAgent\SyncroLive.Service.Runner.exe Section loaded: ntlmshared.dll
Source: C:\Program Files\RepairTech\LiveAgent\SyncroLive.Service.Runner.exe Section loaded: cryptdll.dll
Source: C:\Program Files\RepairTech\LiveAgent\SyncroLive.Agent.Runner.exe Section loaded: mscoree.dll
Source: C:\Program Files\RepairTech\LiveAgent\SyncroLive.Agent.Runner.exe Section loaded: kernel.appcore.dll
Source: C:\Program Files\RepairTech\LiveAgent\SyncroLive.Agent.Runner.exe Section loaded: version.dll
Source: C:\Program Files\RepairTech\LiveAgent\SyncroLive.Agent.Runner.exe Section loaded: vcruntime140_clr0400.dll
Source: C:\Program Files\RepairTech\LiveAgent\SyncroLive.Agent.Runner.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Program Files\RepairTech\LiveAgent\SyncroLive.Agent.Runner.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Program Files\RepairTech\LiveAgent\SyncroLive.Agent.Runner.exe Section loaded: uxtheme.dll
Source: C:\Program Files\RepairTech\LiveAgent\SyncroLive.Agent.Runner.exe Section loaded: urlmon.dll
Source: C:\Program Files\RepairTech\LiveAgent\SyncroLive.Agent.Runner.exe Section loaded: iertutil.dll
Source: C:\Program Files\RepairTech\LiveAgent\SyncroLive.Agent.Runner.exe Section loaded: srvcli.dll
Source: C:\Program Files\RepairTech\LiveAgent\SyncroLive.Agent.Runner.exe Section loaded: netutils.dll
Source: C:\Program Files\RepairTech\LiveAgent\SyncroLive.Agent.Runner.exe Section loaded: sspicli.dll
Source: C:\Program Files\RepairTech\LiveAgent\SyncroLive.Agent.Runner.exe Section loaded: windows.storage.dll
Source: C:\Program Files\RepairTech\LiveAgent\SyncroLive.Agent.Runner.exe Section loaded: wldp.dll
Source: C:\Program Files\RepairTech\LiveAgent\SyncroLive.Agent.Runner.exe Section loaded: propsys.dll
Source: C:\Program Files\RepairTech\LiveAgent\SyncroLive.Agent.Runner.exe Section loaded: cryptsp.dll
Source: INVOICE31401001340.exe, FileUtils.cs Security API names: System.IO.FileInfo.SetAccessControl(System.Security.AccessControl.FileSecurity)
Source: INVOICE31401001340.exe, FileUtils.cs Security API names: System.IO.FileInfo.GetAccessControl()
Source: INVOICE31401001340.exe, FileUtils.cs Security API names: System.IO.DirectoryInfo.SetAccessControl(System.Security.AccessControl.DirectorySecurity)
Source: INVOICE31401001340.exe, FileUtils.cs Security API names: System.IO.DirectoryInfo.GetAccessControl()
Source: Syncro.Installer.exe.0.dr, IJwtPayloadParser.cs Suspicious method names: ..TryParseJwtPayload
Source: Syncro.Installer.exe.0.dr, JwtPayloadParser.cs Suspicious method names: .JwtPayloadParser.GetParamsFromDerivedPayloadType
Source: Syncro.Installer.exe.0.dr, JwtPayloadParser.cs Suspicious method names: .JwtPayloadParser.TryParseJwtPayload
Source: Microsoft.Data.Edm.dll.2.dr Binary or memory string: d:\_Bld\1966\2780\Sources\obj\AnyCPU\Release\Microsoft.Data.Edm.csproj\Desktop\Microsoft.Data.Edm.pdb
Source: classification engine Classification label: mal50.troj.evad.winEXE@43/419@13/9
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe File created: C:\Program Files\RepairTech Jump to behavior
Source: C:\Users\user\Desktop\INVOICE31401001340.exe File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\INVOICE31401001340.exe.log Jump to behavior
Source: C:\Program Files\RepairTech\LiveAgent\SyncroLive.Agent.Runner.exe Mutant created: NULL
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\InstallUtil.exe Mutant created: \Sessions\1\BaseNamedObjects\Global\netfxeventlog.1.0
Source: C:\Program Files\RepairTech\LiveAgent\SyncroLive.Agent.Runner.exe Mutant created: \Sessions\1\BaseNamedObjects\Global\Access_ISABUS.HTP.Method
Source: C:\Windows\System32\conhost.exe Mutant created: \BaseNamedObjects\Local\SM0:1620:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \BaseNamedObjects\Local\SM0:3224:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \BaseNamedObjects\Local\SM0:4824:120:WilError_03
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Mutant created: \BaseNamedObjects\Global\CLR_PerfMon_WrapMutex
Source: C:\Windows\System32\conhost.exe Mutant created: \BaseNamedObjects\Local\SM0:7128:120:WilError_03
Source: C:\Users\user\Desktop\INVOICE31401001340.exe Mutant created: \Sessions\1\BaseNamedObjects\INSTALLER-SYNCRO-A32C299C-E895-4A2B-B690-3C73661D7063
Source: C:\Program Files\RepairTech\LiveAgent\SyncroLive.Agent.Runner.exe Mutant created: \Sessions\1\BaseNamedObjects\Global\Access_PCI
Source: C:\Windows\System32\conhost.exe Mutant created: \BaseNamedObjects\Local\SM0:6548:120:WilError_03
Source: C:\Program Files\RepairTech\LiveAgent\SyncroLive.Service.Runner.exe Mutant created: \BaseNamedObjects\Global\netfxeventlog.1.0
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5940:120:WilError_03
Source: C:\Users\user\Desktop\INVOICE31401001340.exe File created: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Process created: C:\Windows\System32\cmd.exe cmd.exe" /c "C:\Program Files\RepairTech\Syncro\install.bat
Source: INVOICE31401001340.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: INVOICE31401001340.exe Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.98%
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_Processor
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_Processor
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_Processor
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_Processor
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_Processor
Source: C:\Program Files\RepairTech\LiveAgent\SyncroLive.Agent.Runner.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_Processor
Source: C:\Users\user\Desktop\INVOICE31401001340.exe File read: C:\Users\user\Desktop\desktop.ini Jump to behavior
Source: C:\Users\user\Desktop\INVOICE31401001340.exe Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers Jump to behavior
Source: C:\Users\user\Desktop\INVOICE31401001340.exe File read: C:\Users\user\Desktop\INVOICE31401001340.exe Jump to behavior
Source: unknown Process created: C:\Users\user\Desktop\INVOICE31401001340.exe C:\Users\user\Desktop\INVOICE31401001340.exe
Source: C:\Users\user\Desktop\INVOICE31401001340.exe Process created: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe "C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe" --jwt-payload eyJ0eXAiOiJKV1QiLCJhbGciOiJFUzI1NiJ9.eyJ2ZXJzaW9uIjoxLCJpbnN0YWxsIjp7InNob3AiOiIycHJPZFM2MWItc1FTQXA2aV9XVnRBIiwiY3VzdG9tZXJfaWQiOjEzNzUzOTMsImZvbGRlcl9pZCI6Mzc1ODExOX0sInNlcnZpY2luZyI6eyJjaGFubmVsIjoic3luY3JvLXJ0bSIsInRhcmdldCI6InN5bmNybyJ9fQ.qpR5PqzCuyisf6IKqdUr3HoeK5bJeW3zqdyumas0geGur6RM6l2ILEri8jVBr7qw20jtv4z0BCzdaar0brhD3g
Source: unknown Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Process created: C:\Windows\System32\cmd.exe cmd.exe" /c "C:\Program Files\RepairTech\Syncro\install.bat
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\InstallUtil.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\installutil.exe" /ShowCallStack /LogFile=C:\ProgramData/Syncro/logs/ServiceInstall.log "C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\sc.exe sc failure Syncro reset= 60 actions= restart/5000/restart/10000/restart/60000
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\sc.exe sc start Syncro
Source: unknown Process created: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Process created: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe "C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe"
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Process created: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe "C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe" install
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Process created: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe" -displayname "SyncroRecovery" -servicename "SyncroOvermind
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Process created: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe "C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe"
Source: unknown Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k smphost
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Process created: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe "C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe"
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Process created: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe "C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe"
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Process created: C:\Windows\System32\sc.exe sc" create "SyncroLive" binpath= "\"C:\Program Files\RepairTech\LiveAgent\SyncroLive.Service.Runner.exe\"" displayname= "SyncroLive" start= "delayed-auto
Source: C:\Windows\System32\sc.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Process created: C:\Windows\System32\sc.exe sc" description "SyncroLive" "
Source: C:\Windows\System32\sc.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Process created: C:\Windows\System32\sc.exe "sc" failure "SyncroLive" reset= 3600 actions= restart/5000/restart/30000/restart/300000
Source: C:\Windows\System32\sc.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknown Process created: C:\Program Files\RepairTech\LiveAgent\SyncroLive.Service.Runner.exe C:\Program Files\RepairTech\LiveAgent\SyncroLive.Service.Runner.exe
Source: C:\Program Files\RepairTech\LiveAgent\SyncroLive.Service.Runner.exe Process created: C:\Program Files\RepairTech\LiveAgent\SyncroLive.Agent.Runner.exe "C:\Program Files\RepairTech\LiveAgent\SyncroLive.Agent.Runner.exe"
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Process created: C:\Windows\System32\sc.exe "sc" failure "Syncro" reset= 3600 actions= restart/300000
Source: unknown Process created: C:\Windows\System32\wbem\WmiApSrv.exe C:\Windows\system32\wbem\WmiApSrv.exe
Source: C:\Windows\System32\sc.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\INVOICE31401001340.exe Process created: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe "C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe" --jwt-payload eyJ0eXAiOiJKV1QiLCJhbGciOiJFUzI1NiJ9.eyJ2ZXJzaW9uIjoxLCJpbnN0YWxsIjp7InNob3AiOiIycHJPZFM2MWItc1FTQXA2aV9XVnRBIiwiY3VzdG9tZXJfaWQiOjEzNzUzOTMsImZvbGRlcl9pZCI6Mzc1ODExOX0sInNlcnZpY2luZyI6eyJjaGFubmVsIjoic3luY3JvLXJ0bSIsInRhcmdldCI6InN5bmNybyJ9fQ.qpR5PqzCuyisf6IKqdUr3HoeK5bJeW3zqdyumas0geGur6RM6l2ILEri8jVBr7qw20jtv4z0BCzdaar0brhD3g Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Process created: C:\Windows\System32\cmd.exe cmd.exe" /c "C:\Program Files\RepairTech\Syncro\install.bat Jump to behavior
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\InstallUtil.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\installutil.exe" /ShowCallStack /LogFile=C:\ProgramData/Syncro/logs/ServiceInstall.log "C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Jump to behavior
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\sc.exe sc failure Syncro reset= 60 actions= restart/5000/restart/10000/restart/60000 Jump to behavior
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\sc.exe sc start Syncro Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Process created: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe "C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe" Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Process created: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe "C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe" install Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Process created: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe "C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe" Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Process created: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe "C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe" Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Process created: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe "C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe" Jump to behavior
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Process created: C:\Windows\System32\sc.exe sc" create "SyncroLive" binpath= "\"C:\Program Files\RepairTech\LiveAgent\SyncroLive.Service.Runner.exe\"" displayname= "SyncroLive" start= "delayed-auto
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Process created: C:\Windows\System32\sc.exe sc" description "SyncroLive" "
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Process created: C:\Windows\System32\sc.exe "sc" failure "SyncroLive" reset= 3600 actions= restart/5000/restart/30000/restart/300000
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Process created: C:\Windows\System32\sc.exe "sc" failure "Syncro" reset= 3600 actions= restart/300000
Source: C:\Program Files\RepairTech\LiveAgent\SyncroLive.Service.Runner.exe Process created: C:\Program Files\RepairTech\LiveAgent\SyncroLive.Agent.Runner.exe "C:\Program Files\RepairTech\LiveAgent\SyncroLive.Agent.Runner.exe"
Source: C:\Users\user\Desktop\INVOICE31401001340.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32 Jump to behavior
Source: Window Recorder Window detected: More than 3 window changes detected
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe File opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\Update.exe Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\packages Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\packages\RELEASES Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\packages\Syncro-1.0.181.14910-full.nupkg Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\7za-x64.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\7za-x86.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\ar-SA Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\ar-SA\Syncro.App.resources.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\Autofac.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\config.json Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\cs-CZ Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\cs-CZ\Syncro.App.resources.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\CSharpFunctionalExtensions.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\da-DK Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\da-DK\Syncro.App.resources.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\de Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\de-DE Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\de-DE\Syncro.App.resources.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\DeltaCompressionDotNet.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\Destructurama.Attributed.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\de\Microsoft.Data.Edm.resources.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\de\Microsoft.Data.OData.resources.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\de\Microsoft.Data.Services.Client.resources.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\de\System.Spatial.resources.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\el-GR Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\el-GR\Syncro.App.resources.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\en Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\en\Syncro.App.resources.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\en\Syncro.Uninstaller.resources.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\es Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\es-ES Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\es-ES\Syncro.App.resources.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\es\Microsoft.Data.Edm.resources.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\es\Microsoft.Data.OData.resources.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\es\Microsoft.Data.Services.Client.resources.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\es\System.Spatial.resources.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\fi-FI Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\fi-FI\Syncro.App.resources.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\FluentCommandLineParser.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\Flurl.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\Flurl.Http.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\fr Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\fr-FR Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\fr-FR\Syncro.App.resources.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\fr\Microsoft.Data.Edm.resources.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\fr\Microsoft.Data.OData.resources.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\fr\Microsoft.Data.Services.Client.resources.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\fr\System.Spatial.resources.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\ICSharpCode.SharpZipLib.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\Images Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\Images\chat-bubbles-icon.png Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\Images\custom-logo.png Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\Images\kabuto-logo.ico Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\Interop.IWshRuntimeLibrary.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\Interop.NetFwTypeLib.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\Interop.WUApiLib.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\it Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\it-IT Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\it-IT\Syncro.App.resources.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\Itenso.TimePeriod.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\it\Microsoft.Data.Edm.resources.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\it\Microsoft.Data.OData.resources.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\it\Microsoft.Data.Services.Client.resources.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\it\System.Spatial.resources.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\ja Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\ja-JP Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\ja-JP\Syncro.App.resources.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\ja\Microsoft.Data.Edm.resources.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\ja\Microsoft.Data.OData.resources.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\ja\Microsoft.Data.Services.Client.resources.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\ja\System.Spatial.resources.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\JetBrains.Annotations.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\ko Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\ko\Microsoft.Data.Edm.resources.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\ko\Microsoft.Data.OData.resources.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\ko\Microsoft.Data.Services.Client.resources.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\ko\System.Spatial.resources.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\MetroFramework.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\MetroFramework.Fonts.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\Microsoft.Bcl.AsyncInterfaces.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\Microsoft.Data.Edm.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\Microsoft.Data.OData.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\Microsoft.Data.Services.Client.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\Microsoft.Web.XmlTransform.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\Microsoft.Win32.TaskScheduler.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\Mono.Cecil.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\Newtonsoft.Json.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\nl-NL Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\nl-NL\Syncro.App.resources.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\NuGet.Squirrel.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\Phoenix.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\pt-BR Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\pt-BR\Syncro.App.resources.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\RepairTech.Common.Tools.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\RepairTech.Common.Wpf.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\RestSharp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\RollbarSharp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\ru Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\ru-RU Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\ru-RU\Syncro.App.resources.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\ru\Microsoft.Data.Edm.resources.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\ru\Microsoft.Data.OData.resources.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\ru\Microsoft.Data.Services.Client.resources.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\ru\System.Spatial.resources.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\Serilog.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\Serilog.Formatting.Compact.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\Serilog.Sinks.Console.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\Serilog.Sinks.File.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\Serilog.Sinks.Literate.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\SevenZipSharp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\SharpCompress.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\SharpSnmpLib.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\sl-SI Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\sl-SI\Syncro.App.resources.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\Splat.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\Squirrel.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\Syncro.App.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\Syncro.App.dll.config Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\Syncro.App.Runner.exe Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\Syncro.Contracts.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\Syncro.Service.Configuration.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\Syncro.Service.exe Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\Syncro.Service.exe.config Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\Syncro.Service.Interfaces.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\Syncro.Service.Models.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\Syncro.Service.Runner.exe Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\Syncro.Service.Services.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\Syncro.Tools.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\Syncro.Uninstaller.exe Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\Syncro.Uninstaller.exe.config Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\Syncro.Uninstaller.Tools.exe Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\Syncro.Uninstaller.Tools.exe.config Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\System.Net.WebSockets.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\System.Runtime.CompilerServices.Unsafe.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\System.Runtime.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\System.Security.Cryptography.Algorithms.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\System.Security.Cryptography.Encoding.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\System.Security.Cryptography.Primitives.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\System.Security.Cryptography.X509Certificates.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\System.Spatial.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\System.Threading.Tasks.Extensions.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\System.ValueTuple.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\Telerik.Windows.Controls.ConversationalUI.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\Telerik.Windows.Controls.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\Telerik.Windows.Controls.Input.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\Telerik.Windows.Controls.Navigation.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\Telerik.Windows.Data.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\UrlCombineLib.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\websocket-sharp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\zh-CHS Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\zh-CHS\Syncro.App.resources.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\zh-Hans Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\zh-Hans\Microsoft.Data.Edm.resources.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\zh-Hans\Microsoft.Data.OData.resources.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\zh-Hans\Microsoft.Data.Services.Client.resources.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\zh-Hans\System.Spatial.resources.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\zh-Hant Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\zh-Hant\Microsoft.Data.Edm.resources.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\zh-Hant\Microsoft.Data.OData.resources.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\zh-Hant\Microsoft.Data.Services.Client.resources.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\zh-Hant\System.Spatial.resources.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Directory created: C:\Program Files\RepairTech\Syncro\install.bat Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\InstallUtil.exe Directory created: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.InstallState Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Directory created: C:\Program Files\RepairTech\Syncro\packages\.betaId Jump to behavior
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\LiveAgent
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\LiveAgent\app-0.0.66.14351~f7fcc35a2d1947f693e0732f444c406e
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\LiveAgent\app-0.0.66.14351~f7fcc35a2d1947f693e0732f444c406e\Cassia.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\LiveAgent\app-0.0.66.14351~f7fcc35a2d1947f693e0732f444c406e\CSharpFunctionalExtensions.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\LiveAgent\app-0.0.66.14351~f7fcc35a2d1947f693e0732f444c406e\DeltaCompressionDotNet.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\LiveAgent\app-0.0.66.14351~f7fcc35a2d1947f693e0732f444c406e\deniszykov.WebSocketListener.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\LiveAgent\app-0.0.66.14351~f7fcc35a2d1947f693e0732f444c406e\Destructurama.Attributed.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\LiveAgent\app-0.0.66.14351~f7fcc35a2d1947f693e0732f444c406e\FluentCommandLineParser.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\LiveAgent\app-0.0.66.14351~f7fcc35a2d1947f693e0732f444c406e\Flurl.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\LiveAgent\app-0.0.66.14351~f7fcc35a2d1947f693e0732f444c406e\Flurl.Http.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\LiveAgent\app-0.0.66.14351~f7fcc35a2d1947f693e0732f444c406e\Interop.NetFwTypeLib.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\LiveAgent\app-0.0.66.14351~f7fcc35a2d1947f693e0732f444c406e\JetBrains.Annotations.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\LiveAgent\app-0.0.66.14351~f7fcc35a2d1947f693e0732f444c406e\Microsoft.Data.Edm.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\LiveAgent\app-0.0.66.14351~f7fcc35a2d1947f693e0732f444c406e\Microsoft.Data.OData.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\LiveAgent\app-0.0.66.14351~f7fcc35a2d1947f693e0732f444c406e\Microsoft.Data.Services.Client.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\LiveAgent\app-0.0.66.14351~f7fcc35a2d1947f693e0732f444c406e\Microsoft.Web.XmlTransform.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\LiveAgent\app-0.0.66.14351~f7fcc35a2d1947f693e0732f444c406e\Mixpanel.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\LiveAgent\app-0.0.66.14351~f7fcc35a2d1947f693e0732f444c406e\Mono.Cecil.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\LiveAgent\app-0.0.66.14351~f7fcc35a2d1947f693e0732f444c406e\Newtonsoft.Json.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\LiveAgent\app-0.0.66.14351~f7fcc35a2d1947f693e0732f444c406e\NuGet.Squirrel.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\LiveAgent\app-0.0.66.14351~f7fcc35a2d1947f693e0732f444c406e\OpenHardwareMonitorLib.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\LiveAgent\app-0.0.66.14351~f7fcc35a2d1947f693e0732f444c406e\RepairTech.Common.Tools.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\LiveAgent\app-0.0.66.14351~f7fcc35a2d1947f693e0732f444c406e\RepairTech.Common.Wpf.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\LiveAgent\app-0.0.66.14351~f7fcc35a2d1947f693e0732f444c406e\RollbarSharp.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\LiveAgent\app-0.0.66.14351~f7fcc35a2d1947f693e0732f444c406e\Serilog.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\LiveAgent\app-0.0.66.14351~f7fcc35a2d1947f693e0732f444c406e\Serilog.Formatting.Compact.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\LiveAgent\app-0.0.66.14351~f7fcc35a2d1947f693e0732f444c406e\Serilog.Sinks.Console.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\LiveAgent\app-0.0.66.14351~f7fcc35a2d1947f693e0732f444c406e\Serilog.Sinks.File.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\LiveAgent\app-0.0.66.14351~f7fcc35a2d1947f693e0732f444c406e\Serilog.Sinks.Literate.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\LiveAgent\app-0.0.66.14351~f7fcc35a2d1947f693e0732f444c406e\SharpCompress.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\LiveAgent\app-0.0.66.14351~f7fcc35a2d1947f693e0732f444c406e\SharpDX.Direct3D11.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\LiveAgent\app-0.0.66.14351~f7fcc35a2d1947f693e0732f444c406e\SharpDX.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\LiveAgent\app-0.0.66.14351~f7fcc35a2d1947f693e0732f444c406e\SharpDX.DXGI.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\LiveAgent\app-0.0.66.14351~f7fcc35a2d1947f693e0732f444c406e\SharpDX.Mathematics.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\LiveAgent\app-0.0.66.14351~f7fcc35a2d1947f693e0732f444c406e\Splat.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\LiveAgent\app-0.0.66.14351~f7fcc35a2d1947f693e0732f444c406e\Squirrel.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\LiveAgent\app-0.0.66.14351~f7fcc35a2d1947f693e0732f444c406e\SyncroLive.Agent.exe
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\LiveAgent\app-0.0.66.14351~f7fcc35a2d1947f693e0732f444c406e\SyncroLive.Agent.exe.config
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\LiveAgent\app-0.0.66.14351~f7fcc35a2d1947f693e0732f444c406e\SyncroLive.Agent.Runner.exe
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\LiveAgent\app-0.0.66.14351~f7fcc35a2d1947f693e0732f444c406e\SyncroLive.Interface.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\LiveAgent\app-0.0.66.14351~f7fcc35a2d1947f693e0732f444c406e\SyncroLive.Interface.dll.config
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\LiveAgent\app-0.0.66.14351~f7fcc35a2d1947f693e0732f444c406e\SyncroLive.Service.exe
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\LiveAgent\app-0.0.66.14351~f7fcc35a2d1947f693e0732f444c406e\SyncroLive.Service.exe.config
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\LiveAgent\app-0.0.66.14351~f7fcc35a2d1947f693e0732f444c406e\SyncroLive.Service.Runner.exe
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\LiveAgent\app-0.0.66.14351~f7fcc35a2d1947f693e0732f444c406e\SyncroLive.WindowsInput.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\LiveAgent\app-0.0.66.14351~f7fcc35a2d1947f693e0732f444c406e\System.Management.Automation.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\LiveAgent\app-0.0.66.14351~f7fcc35a2d1947f693e0732f444c406e\System.Numerics.Vectors.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\LiveAgent\app-0.0.66.14351~f7fcc35a2d1947f693e0732f444c406e\System.Runtime.CompilerServices.Unsafe.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\LiveAgent\app-0.0.66.14351~f7fcc35a2d1947f693e0732f444c406e\System.Runtime.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\LiveAgent\app-0.0.66.14351~f7fcc35a2d1947f693e0732f444c406e\System.Spatial.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\LiveAgent\app-0.0.66.14351~f7fcc35a2d1947f693e0732f444c406e\System.ValueTuple.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\LiveAgent\app-0.0.66.14351~f7fcc35a2d1947f693e0732f444c406e\Topshelf.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\LiveAgent\app-0.0.66.14351~f7fcc35a2d1947f693e0732f444c406e\UrlCombineLib.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\LiveAgent\app-0.0.66.14351~f7fcc35a2d1947f693e0732f444c406e\WebRTC.NET.SDK.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\LiveAgent\app-0.0.66.14351~f7fcc35a2d1947f693e0732f444c406e\x64
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\LiveAgent\app-0.0.66.14351~f7fcc35a2d1947f693e0732f444c406e\x64\turbojpeg.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\LiveAgent\app-0.0.66.14351~f7fcc35a2d1947f693e0732f444c406e\x64\WebRTC.Native.Internal.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\LiveAgent\app-0.0.66.14351~f7fcc35a2d1947f693e0732f444c406e\x86
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\LiveAgent\app-0.0.66.14351~f7fcc35a2d1947f693e0732f444c406e\x86\turbojpeg.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\LiveAgent\app-0.0.66.14351~f7fcc35a2d1947f693e0732f444c406e\x86\WebRTC.Native.Internal.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\LiveAgent\app-0.0.66.14351~f7fcc35a2d1947f693e0732f444c406e\ZetaLongPaths.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\LiveAgent\app-0.0.66.14351~f7fcc35a2d1947f693e0732f444c406e\config.json.{83e6fab5-4386-4338-bfa9-f383adf3dcd4}
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\LiveAgent\packages
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\LiveAgent\packages\RELEASES
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\LiveAgent\app-0.0.68.15635~b3ea396ce3964d88b4b8425873431883
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\LiveAgent\app-0.0.68.15635~b3ea396ce3964d88b4b8425873431883\Cassia.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\LiveAgent\app-0.0.68.15635~b3ea396ce3964d88b4b8425873431883\CSharpFunctionalExtensions.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\LiveAgent\app-0.0.68.15635~b3ea396ce3964d88b4b8425873431883\DeltaCompressionDotNet.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\LiveAgent\app-0.0.68.15635~b3ea396ce3964d88b4b8425873431883\deniszykov.WebSocketListener.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\LiveAgent\app-0.0.68.15635~b3ea396ce3964d88b4b8425873431883\Destructurama.Attributed.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\LiveAgent\app-0.0.68.15635~b3ea396ce3964d88b4b8425873431883\FluentCommandLineParser.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\LiveAgent\app-0.0.68.15635~b3ea396ce3964d88b4b8425873431883\Flurl.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\LiveAgent\app-0.0.68.15635~b3ea396ce3964d88b4b8425873431883\Flurl.Http.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\LiveAgent\app-0.0.68.15635~b3ea396ce3964d88b4b8425873431883\Interop.NetFwTypeLib.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\LiveAgent\app-0.0.68.15635~b3ea396ce3964d88b4b8425873431883\JetBrains.Annotations.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\LiveAgent\app-0.0.68.15635~b3ea396ce3964d88b4b8425873431883\Microsoft.Web.XmlTransform.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\LiveAgent\app-0.0.68.15635~b3ea396ce3964d88b4b8425873431883\Mono.Cecil.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\LiveAgent\app-0.0.68.15635~b3ea396ce3964d88b4b8425873431883\Newtonsoft.Json.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\LiveAgent\app-0.0.68.15635~b3ea396ce3964d88b4b8425873431883\NuGet.Squirrel.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\LiveAgent\app-0.0.68.15635~b3ea396ce3964d88b4b8425873431883\OpenHardwareMonitorLib.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\LiveAgent\app-0.0.68.15635~b3ea396ce3964d88b4b8425873431883\RepairTech.Common.Tools.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\LiveAgent\app-0.0.68.15635~b3ea396ce3964d88b4b8425873431883\RepairTech.Common.Wpf.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\LiveAgent\app-0.0.68.15635~b3ea396ce3964d88b4b8425873431883\RollbarSharp.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\LiveAgent\app-0.0.68.15635~b3ea396ce3964d88b4b8425873431883\Serilog.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\LiveAgent\app-0.0.68.15635~b3ea396ce3964d88b4b8425873431883\Serilog.Formatting.Compact.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\LiveAgent\app-0.0.68.15635~b3ea396ce3964d88b4b8425873431883\Serilog.Sinks.Console.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\LiveAgent\app-0.0.68.15635~b3ea396ce3964d88b4b8425873431883\Serilog.Sinks.File.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\LiveAgent\app-0.0.68.15635~b3ea396ce3964d88b4b8425873431883\Serilog.Sinks.Literate.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\LiveAgent\app-0.0.68.15635~b3ea396ce3964d88b4b8425873431883\SharpDX.Direct3D11.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\LiveAgent\app-0.0.68.15635~b3ea396ce3964d88b4b8425873431883\SharpDX.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\LiveAgent\app-0.0.68.15635~b3ea396ce3964d88b4b8425873431883\SharpDX.DXGI.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\LiveAgent\app-0.0.68.15635~b3ea396ce3964d88b4b8425873431883\SharpDX.Mathematics.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\LiveAgent\app-0.0.68.15635~b3ea396ce3964d88b4b8425873431883\Splat.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\LiveAgent\app-0.0.68.15635~b3ea396ce3964d88b4b8425873431883\Squirrel.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\LiveAgent\app-0.0.68.15635~b3ea396ce3964d88b4b8425873431883\SyncroLive.Agent.exe
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\LiveAgent\app-0.0.68.15635~b3ea396ce3964d88b4b8425873431883\SyncroLive.Agent.exe.config
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\LiveAgent\app-0.0.68.15635~b3ea396ce3964d88b4b8425873431883\SyncroLive.Agent.Runner.exe
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\LiveAgent\app-0.0.68.15635~b3ea396ce3964d88b4b8425873431883\SyncroLive.Interface.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\LiveAgent\app-0.0.68.15635~b3ea396ce3964d88b4b8425873431883\SyncroLive.Interface.dll.config
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\LiveAgent\app-0.0.68.15635~b3ea396ce3964d88b4b8425873431883\SyncroLive.Service.exe
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\LiveAgent\app-0.0.68.15635~b3ea396ce3964d88b4b8425873431883\SyncroLive.Service.exe.config
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\LiveAgent\app-0.0.68.15635~b3ea396ce3964d88b4b8425873431883\SyncroLive.Service.Runner.exe
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\LiveAgent\app-0.0.68.15635~b3ea396ce3964d88b4b8425873431883\SyncroLive.WindowsInput.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\LiveAgent\app-0.0.68.15635~b3ea396ce3964d88b4b8425873431883\System.Management.Automation.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\LiveAgent\app-0.0.68.15635~b3ea396ce3964d88b4b8425873431883\System.Numerics.Vectors.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\LiveAgent\app-0.0.68.15635~b3ea396ce3964d88b4b8425873431883\System.Runtime.CompilerServices.Unsafe.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\LiveAgent\app-0.0.68.15635~b3ea396ce3964d88b4b8425873431883\System.Runtime.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\LiveAgent\app-0.0.68.15635~b3ea396ce3964d88b4b8425873431883\System.ValueTuple.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\LiveAgent\app-0.0.68.15635~b3ea396ce3964d88b4b8425873431883\Topshelf.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\LiveAgent\app-0.0.68.15635~b3ea396ce3964d88b4b8425873431883\UrlCombineLib.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\LiveAgent\app-0.0.68.15635~b3ea396ce3964d88b4b8425873431883\WebRTC.NET.SDK.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\LiveAgent\app-0.0.68.15635~b3ea396ce3964d88b4b8425873431883\x64
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\LiveAgent\app-0.0.68.15635~b3ea396ce3964d88b4b8425873431883\x64\turbojpeg.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\LiveAgent\app-0.0.68.15635~b3ea396ce3964d88b4b8425873431883\x64\WebRTC.Native.Internal.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\LiveAgent\app-0.0.68.15635~b3ea396ce3964d88b4b8425873431883\x86
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\LiveAgent\app-0.0.68.15635~b3ea396ce3964d88b4b8425873431883\x86\turbojpeg.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\LiveAgent\app-0.0.68.15635~b3ea396ce3964d88b4b8425873431883\x86\WebRTC.Native.Internal.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\LiveAgent\app-0.0.68.15635~b3ea396ce3964d88b4b8425873431883\ZetaLongPaths.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\LiveAgent\app-0.0.68.15635~b3ea396ce3964d88b4b8425873431883\config.json.{f7b140d2-12d9-49a3-9446-2dafaa3ccd88}
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\LiveAgent\SyncroLive.Service.Runner.exe
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\LiveAgent\SyncroLive.Agent.Runner.exe
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\7za-x64.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\7za-x86.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\ar-SA
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\ar-SA\Syncro.App.resources.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\Autofac.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\config.json
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\cs-CZ
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\cs-CZ\Syncro.App.resources.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\CSharpFunctionalExtensions.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\da-DK
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\da-DK\Syncro.App.resources.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\de-DE
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\de-DE\Syncro.App.resources.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\DeltaCompressionDotNet.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\Destructurama.Attributed.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\el-GR
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\el-GR\Syncro.App.resources.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\en
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\en\Syncro.App.resources.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\en\Syncro.Uninstaller.resources.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\es-ES
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\es-ES\Syncro.App.resources.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\fi-FI
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\fi-FI\Syncro.App.resources.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\FluentCommandLineParser.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\Flurl.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\Flurl.Http.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\fr-FR
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\fr-FR\Syncro.App.resources.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\ICSharpCode.SharpZipLib.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\Images
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\Images\chat-bubbles-icon.png
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\Images\custom-logo.png
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\Images\kabuto-logo.ico
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\Interop.IWshRuntimeLibrary.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\Interop.NetFwTypeLib.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\Interop.WUApiLib.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\it-IT
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\it-IT\Syncro.App.resources.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\Itenso.TimePeriod.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\ja-JP
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\ja-JP\Syncro.App.resources.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\JetBrains.Annotations.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\MetroFramework.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\MetroFramework.Fonts.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\Microsoft.Bcl.AsyncInterfaces.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\Microsoft.Web.XmlTransform.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\Microsoft.Win32.TaskScheduler.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\Mono.Cecil.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\Newtonsoft.Json.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\nl-NL
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\nl-NL\Syncro.App.resources.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\NuGet.Squirrel.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\Phoenix.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\pt-BR
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\pt-BR\Syncro.App.resources.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\RepairTech.Common.Tools.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\RepairTech.Common.Wpf.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\RollbarSharp.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\ru-RU
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\ru-RU\Syncro.App.resources.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\Serilog.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\Serilog.Formatting.Compact.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\Serilog.Sinks.Console.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\Serilog.Sinks.File.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\Serilog.Sinks.Literate.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\SevenZipSharp.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\SharpSnmpLib.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\sl-SI
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\sl-SI\Syncro.App.resources.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\Splat.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\Squirrel.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\Syncro.App.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\Syncro.App.dll.config
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\Syncro.App.Runner.exe
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\Syncro.Contracts.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\Syncro.Service.Configuration.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\Syncro.Service.exe
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\Syncro.Service.exe.config
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\Syncro.Service.Interfaces.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\Syncro.Service.Models.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\Syncro.Service.Runner.exe
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\Syncro.Service.Services.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\Syncro.Tools.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\Syncro.Uninstaller.exe
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\Syncro.Uninstaller.exe.config
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\Syncro.Uninstaller.Tools.exe
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\Syncro.Uninstaller.Tools.exe.config
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\System.Net.WebSockets.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\System.Runtime.CompilerServices.Unsafe.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\System.Runtime.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\System.Security.Cryptography.Algorithms.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\System.Security.Cryptography.Encoding.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\System.Security.Cryptography.Primitives.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\System.Security.Cryptography.X509Certificates.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\System.Threading.Tasks.Extensions.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\System.ValueTuple.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\Telerik.Windows.Controls.ConversationalUI.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\Telerik.Windows.Controls.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\Telerik.Windows.Controls.Input.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\Telerik.Windows.Controls.Navigation.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\Telerik.Windows.Data.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\UrlCombineLib.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\websocket-sharp.dll
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\zh-CHS
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Directory created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\zh-CHS\Syncro.App.resources.dll
Source: C:\Program Files\RepairTech\LiveAgent\SyncroLive.Agent.Runner.exe Directory created: C:\Program Files\RepairTech\LiveAgent\app-0.0.68.15635\OpenHardwareMonitorLib.sys
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Syncro Jump to behavior
Source: INVOICE31401001340.exe Static PE information: certificate valid
Source: INVOICE31401001340.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
Source: INVOICE31401001340.exe Static PE information: Virtual size of .text is bigger than: 0x100000
Source: INVOICE31401001340.exe Static file information: File size 7407480 > 1048576
Source: INVOICE31401001340.exe Static PE information: Raw size of .text is bigger than: 0x100000 < 0x708800
Source: INVOICE31401001340.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: INVOICE31401001340.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: Binary string: C:\custombuilds\syncro\prod\master\Syncro.Service.Interfaces\obj\Release\net462\Syncro.Service.Interfaces.pdb source: Syncro.Installer.exe, 00000002.00000002.2309646185.0000021C0041A000.00000004.00000800.00020000.00000000.sdmp, Syncro.Installer.exe, 00000002.00000002.2309646185.0000021C00433000.00000004.00000800.00020000.00000000.sdmp, Syncro.Installer.exe, 00000002.00000002.2309646185.0000021C00447000.00000004.00000800.00020000.00000000.sdmp, Syncro.Installer.exe, 00000002.00000002.2326226013.0000021C75CA0000.00000004.08000000.00040000.00000000.sdmp, Syncro.Service.Runner.exe, 00000009.00000002.3371865466.0000022A61312000.00000002.00000001.01000000.0000002F.sdmp
Source: Binary string: C:\projects\restsharp\RestSharp\obj\Release\net452\RestSharp.pdbI source: Syncro.Service.Runner.exe, 00000009.00000002.3483896621.0000022A7A282000.00000002.00000001.01000000.00000038.sdmp
Source: Binary string: C:\TeamCity\buildAgent\work\5410ab877c27fda6\KabutoLive.Service\obj\Release\SyncroLive.Service.pdb source: SyncroLive.Service.Runner.exe, 0000001C.00000002.3587090605.00000238544F2000.00000002.00000001.01000000.00000042.sdmp
Source: Binary string: c:\DeveloperTooling_Agent13\_work\103\s\Controls\Input\obj\Release45\Telerik.Windows.Controls.Input.pdb source: Syncro.Installer.exe, 00000002.00000002.2309646185.0000021C0010A000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: C:\TeamCity\buildAgent\work\5410ab877c27fda6\KabutoLive.Service\obj\Release\SyncroLive.Service.pdb{ source: SyncroLive.Service.Runner.exe, 0000001C.00000002.3587090605.00000238544F2000.00000002.00000001.01000000.00000042.sdmp
Source: Binary string: C:\projects\autofac\src\Autofac\obj\Release\net461\Autofac.pdbSHA256 source: Syncro.Service.Runner.exe, 00000009.00000002.3372746246.0000022A613B2000.00000002.00000001.01000000.00000030.sdmp, Syncro.Overmind.Service.exe, 0000000E.00000002.2463649611.00000172064D0000.00000004.08000000.00040000.00000000.sdmp
Source: Binary string: /_/src/Flurl.Http/obj/Release/net461/Flurl.Http.pdb source: Syncro.Overmind.Service.exe, 0000000E.00000002.2464154751.0000017206540000.00000004.08000000.00040000.00000000.sdmp
Source: Binary string: C:\custombuilds\syncro\prod\master\repairtech-tools\Squirrel.Windows\vendor\nuget\src\Core\obj\Release\NuGet.Squirrel.pdb source: Syncro.Service.Runner.exe, 00000009.00000002.3492596712.0000022A7A5E2000.00000002.00000001.01000000.0000003C.sdmp
Source: Binary string: \??\C:\Windows\symbols\dll\System.ServiceModel.Internals.pdbc561934e089 source: Syncro.App.Runner.exe, 00000015.00000002.3411155020.000002077304F000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\custombuilds\syncro\prod\master\Kabuto.Installer\obj\Release\Syncro.Installer.pdb source: INVOICE31401001340.exe, 00000000.00000002.2353079397.0000000013189000.00000004.00000800.00020000.00000000.sdmp, INVOICE31401001340.exe, 00000000.00000000.2120038499.0000000000672000.00000002.00000001.01000000.00000003.sdmp, Syncro.Installer.exe, 00000002.00000000.2130594520.0000021C72832000.00000002.00000001.01000000.00000006.sdmp
Source: Binary string: D:\dev\github\UrlCombine\UrlCombineLib\obj\Debug\net40\UrlCombineLib.pdba+{+ m+_CorDllMainmscoree.dll source: Syncro.Installer.exe, 00000002.00000002.2309646185.0000021C0026E000.00000004.00000800.00020000.00000000.sdmp, Syncro.Installer.exe, 00000002.00000002.2323567092.0000021C756C0000.00000004.08000000.00040000.00000000.sdmp, Syncro.Installer.exe, 00000002.00000002.2309646185.0000021C002E9000.00000004.00000800.00020000.00000000.sdmp, Syncro.Service.Runner.exe, 00000009.00000002.3495322136.0000022A7A872000.00000002.00000001.01000000.0000003E.sdmp, Syncro.Overmind.Service.exe, 00000011.00000002.3594084272.0000023C0F7E9000.00000004.00000800.00020000.00000000.sdmp, Syncro.Overmind.Service.exe, 00000011.00000002.3594084272.0000023C0F7FD000.00000004.00000800.00020000.00000000.sdmp, Syncro.Overmind.Service.exe, 00000011.00000002.3594084272.0000023C0F7CD000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: C:\custombuilds\syncro\prod\master\Kabuto.Service.Configuration\obj\Release\Syncro.Service.Configuration.pdb source: Syncro.Service.Runner.exe, 00000009.00000002.3482754410.0000022A79FD2000.00000002.00000001.01000000.00000036.sdmp
Source: Binary string: System.pdbs\CLSID\{0A29FF9E-7F9C-4437-8B11-F424491E3931}\InprocServer32 source: Syncro.App.Runner.exe, 00000015.00000002.3411155020.000002077304F000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Windows\System.ServiceModel.Internals.pdbpdbals.pdb[fo# source: Syncro.App.Runner.exe, 00000015.00000002.3411155020.000002077304F000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: 0C:\Windows\mscorlib.pdb source: SyncroLive.Agent.Runner.exe, 0000001D.00000002.3570752750.0000005BFC9EE000.00000004.00000010.00020000.00000000.sdmp
Source: Binary string: y:\code\paulcbetts\splat\Splat\obj\Release\Net45\Splat.pdb source: Syncro.Service.Runner.exe, 00000009.00000002.3484702294.0000022A7A2B2000.00000002.00000001.01000000.00000039.sdmp
Source: Binary string: \??\C:\Windows\dll\System.ServiceModel.Internals.pdb source: Syncro.App.Runner.exe, 00000015.00000002.3411155020.000002077304F000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\garre\Documents\Visual Studio 2015\Projects\metroframework\MetroFramework.Fonts\obj\Debug\MetroFramework.Fonts.pdb source: Syncro.Installer.exe, 00000002.00000002.2326805739.0000021C771E0000.00000004.08000000.00040000.00000000.sdmp
Source: Binary string: C:\projects\flurl\src\Flurl\obj\Release\net461\Flurl.pdb source: Syncro.Installer.exe, 00000002.00000002.2309646185.0000021C00447000.00000004.00000800.00020000.00000000.sdmp, Syncro.Installer.exe, 00000002.00000002.2309646185.0000021C0048A000.00000004.00000800.00020000.00000000.sdmp, Syncro.Installer.exe, 00000002.00000002.2326708476.0000021C770F0000.00000004.08000000.00040000.00000000.sdmp, Syncro.Service.Runner.exe, 00000009.00000002.3494544518.0000022A7A682000.00000002.00000001.01000000.0000003D.sdmp
Source: Binary string: C:\custombuilds\syncro\prod\master\Syncro.Service.Services\obj\Release\net462\Syncro.Service.Services.pdb source: Syncro.Installer.exe, 00000002.00000002.2309646185.0000021C0041A000.00000004.00000800.00020000.00000000.sdmp, Syncro.Installer.exe, 00000002.00000002.2309646185.0000021C00404000.00000004.00000800.00020000.00000000.sdmp, Syncro.Installer.exe, 00000002.00000002.2309646185.0000021C003E9000.00000004.00000800.00020000.00000000.sdmp, Syncro.Installer.exe, 00000002.00000002.2326198935.0000021C75C90000.00000004.08000000.00040000.00000000.sdmp, Syncro.Service.Runner.exe, 00000009.00000002.3474074748.0000022A79D33000.00000002.00000001.01000000.00000032.sdmp
Source: Binary string: C:\custombuilds\syncro\prod\master\external\filepusher\FilePusher\obj\Release\FilePusher.pdb source: Syncro.Installer.exe, 00000002.00000002.2324699686.0000021C75AE0000.00000004.08000000.00040000.00000000.sdmp, Syncro.Service.Runner.exe, 00000009.00000002.3474168240.0000022A79D42000.00000002.00000001.01000000.00000033.sdmp
Source: Binary string: C:\custombuilds\syncro\prod\master\Syncro.Service.Models\obj\Release\net462\Syncro.Service.Models.pdb source: Syncro.Installer.exe, 00000002.00000002.2309646185.0000021C003BA000.00000004.00000800.00020000.00000000.sdmp, Syncro.Installer.exe, 00000002.00000002.2326155846.0000021C75C80000.00000004.08000000.00040000.00000000.sdmp, Syncro.Installer.exe, 00000002.00000002.2309646185.0000021C003E9000.00000004.00000800.00020000.00000000.sdmp, Syncro.Installer.exe, 00000002.00000002.2309646185.0000021C003D3000.00000004.00000800.00020000.00000000.sdmp, Syncro.Service.Runner.exe, 00000009.00000002.3473911585.0000022A79CE2000.00000002.00000001.01000000.00000031.sdmp
Source: Binary string: C:\projects\serilog-sinks-file\src\Serilog.Sinks.File\obj\Release\net45\Serilog.Sinks.File.pdbSHA256 source: Syncro.Overmind.Service.exe, 0000000E.00000002.2472791182.000001721EC60000.00000004.08000000.00040000.00000000.sdmp
Source: Binary string: C:\Users\garre\Documents\Visual Studio 2015\Projects\metroframework\MetroFramework\obj\Debug\MetroFramework.pdb source: Syncro.Installer.exe, 00000002.00000002.2320422475.0000021C74AE0000.00000004.08000000.00040000.00000000.sdmp, Syncro.Installer.exe, 00000002.00000002.2316441248.0000021C100F2000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 0000000D.00000002.2919496731.0000021356F92000.00000002.00000001.01000000.00000022.sdmp
Source: Binary string: C:\projects\serilog-formatting-compact\src\Serilog.Formatting.Compact\obj\Release\net452\Serilog.Formatting.Compact.pdb source: Syncro.Installer.exe, 00000002.00000002.2321372513.0000021C74C10000.00000004.08000000.00040000.00000000.sdmp, Syncro.App.Runner.exe, 0000000D.00000002.2910799163.0000021356572000.00000002.00000001.01000000.00000015.sdmp
Source: Binary string: C:\custombuilds\syncro\prod\master\repairtech-tools\RepairTech.Common.Wpf\obj\Release\net462\RepairTech.Common.Wpf.pdb source: Syncro.App.Runner.exe, 0000000D.00000002.2920973719.00000213583C2000.00000002.00000001.01000000.00000023.sdmp
Source: Binary string: C:\projects\autofac\src\Autofac\obj\Release\net461\Autofac.pdb source: Syncro.Service.Runner.exe, 00000009.00000002.3372746246.0000022A613B2000.00000002.00000001.01000000.00000030.sdmp, Syncro.Overmind.Service.exe, 0000000E.00000002.2463649611.00000172064D0000.00000004.08000000.00040000.00000000.sdmp
Source: Binary string: C:\custombuilds\syncro\prod\master\Syncro.Service.Services\obj\Release\net462\Syncro.Service.Services.pdbSHA256d5G source: Syncro.Service.Runner.exe, 00000009.00000002.3474074748.0000022A79D33000.00000002.00000001.01000000.00000032.sdmp
Source: Binary string: c:\DeveloperTooling_Agent13\_work\103\s\Controls\Navigation\obj\Release45\Telerik.Windows.Controls.Navigation.pdb source: Syncro.Overmind.Service.exe, 00000011.00000002.3707462292.0000023C1F34F000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: C:\custombuilds\syncro\prod\master\repairtech-tools\3rdparty\PhoenixSharp\Phoenix\obj\Release\net45\Phoenix.pdbSHA2561 source: Syncro.Service.Runner.exe, 00000009.00000002.3482482309.0000022A79FC2000.00000002.00000001.01000000.00000035.sdmp
Source: Binary string: d:\_Bld\1966\2780\Sources\obj\AnyCPU\Release\Microsoft.Data.Edm.csproj\Desktop\Microsoft.Data.Edm.pdb source: Microsoft.Data.Edm.dll.2.dr
Source: Binary string: \??\C:\Windows\symbols\dll\System.pdbdbS source: Syncro.App.Runner.exe, 00000015.00000002.3411155020.000002077304F000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \??\C:\Windows\System.pdb source: Syncro.App.Runner.exe, 00000015.00000002.3411155020.000002077304F000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\projects\serilog-formatting-compact\src\Serilog.Formatting.Compact\obj\Release\net452\Serilog.Formatting.Compact.pdbSHA256 source: Syncro.Installer.exe, 00000002.00000002.2321372513.0000021C74C10000.00000004.08000000.00040000.00000000.sdmp, Syncro.App.Runner.exe, 0000000D.00000002.2910799163.0000021356572000.00000002.00000001.01000000.00000015.sdmp
Source: Binary string: C:\Sources\CSharpFunctionalExtensions\CSharpFunctionalExtensions\obj\Debug\net461\CSharpFunctionalExtensions.pdbSHA256` source: Syncro.Installer.exe, 00000002.00000002.2320142547.0000021C732F0000.00000004.08000000.00040000.00000000.sdmp, Syncro.Service.Runner.exe, 00000009.00000002.3481695293.0000022A79F52000.00000002.00000001.01000000.00000034.sdmp
Source: Binary string: C:\custombuilds\syncro\prod\master\Syncro.Service.Models\obj\Release\net462\Syncro.Service.Models.pdbSHA256J source: Syncro.Installer.exe, 00000002.00000002.2309646185.0000021C003BA000.00000004.00000800.00020000.00000000.sdmp, Syncro.Installer.exe, 00000002.00000002.2326155846.0000021C75C80000.00000004.08000000.00040000.00000000.sdmp, Syncro.Installer.exe, 00000002.00000002.2309646185.0000021C003E9000.00000004.00000800.00020000.00000000.sdmp, Syncro.Installer.exe, 00000002.00000002.2309646185.0000021C003D3000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: /_/artifacts/obj/Microsoft.Bcl.AsyncInterfaces/net461-Release/Microsoft.Bcl.AsyncInterfaces.pdb source: Syncro.Service.Runner.exe, 00000009.00000002.3371363933.0000022A612F2000.00000002.00000001.01000000.0000002D.sdmp
Source: Binary string: \??\C:\Windows\symbols\dll\System.ServiceModel.Internals.pdb source: Syncro.App.Runner.exe, 00000015.00000002.3411155020.000002077304F000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Projects\serilog-sinks-rollbar\src\Serilog.Sinks.RollbarCom\obj\Release\net452\Serilog.Sinks.RollbarCom.pdbSHA256 source: Syncro.Overmind.Service.exe, 0000000E.00000002.2473696770.000001721ECB0000.00000004.08000000.00040000.00000000.sdmp
Source: Binary string: c:\projects\rollbarsharp\src\RollbarSharp\obj\Release\RollbarSharp.pdb source: Syncro.App.Runner.exe, 0000000D.00000002.2915268034.0000021356872000.00000002.00000001.01000000.0000001D.sdmp
Source: Binary string: C:\custombuilds\syncro\prod\master\repairtech-tools\RepairTech.Common.Tools\obj\Release\RepairTech.Common.Tools.pdb source: Syncro.Installer.exe, 00000002.00000002.2321024872.0000021C74BA0000.00000004.08000000.00040000.00000000.sdmp, Syncro.App.Runner.exe, 0000000D.00000002.2912047016.0000021356632000.00000002.00000001.01000000.00000018.sdmp
Source: Binary string: C:\projects\topshelf\src\Topshelf\obj\Release\net452\Topshelf.pdbSHA256 source: SyncroLive.Service.Runner.exe, 0000001C.00000002.3600010389.00000238546D2000.00000002.00000001.01000000.0000004F.sdmp
Source: Binary string: C:\custombuilds\syncro\prod\master\Syncro.Service.Interfaces\obj\Release\net462\Syncro.Service.Interfaces.pdbSHA256 source: Syncro.Installer.exe, 00000002.00000002.2309646185.0000021C0041A000.00000004.00000800.00020000.00000000.sdmp, Syncro.Installer.exe, 00000002.00000002.2309646185.0000021C00433000.00000004.00000800.00020000.00000000.sdmp, Syncro.Installer.exe, 00000002.00000002.2309646185.0000021C00447000.00000004.00000800.00020000.00000000.sdmp, Syncro.Installer.exe, 00000002.00000002.2326226013.0000021C75CA0000.00000004.08000000.00040000.00000000.sdmp
Source: Binary string: [indoC:\Windows\mscorlib.pdb source: SyncroLive.Agent.Runner.exe, 0000001D.00000002.3570752750.0000005BFC9EE000.00000004.00000010.00020000.00000000.sdmp
Source: Binary string: mscorlib.pdb source: SyncroLive.Agent.Runner.exe, 0000001D.00000002.3570752750.0000005BFC9EE000.00000004.00000010.00020000.00000000.sdmp
Source: Binary string: c:\DeveloperTooling_Agent13\_work\103\s\Core\Data\obj\Release45\Telerik.Windows.Data.pdb source: Syncro.Installer.exe, 00000002.00000002.2309646185.0000021C0026E000.00000004.00000800.00020000.00000000.sdmp, Syncro.Overmind.Service.exe, 00000011.00000002.3707462292.0000023C1F245000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: C:\custombuilds\syncro\prod\master\Syncro.Service.Models\obj\Release\net462\Syncro.Service.Models.pdbSHA256 source: Syncro.Service.Runner.exe, 00000009.00000002.3473911585.0000022A79CE2000.00000002.00000001.01000000.00000031.sdmp
Source: Binary string: C:\Users\dahall\Documents\Visual Studio 2010\Projects\TaskService\obj\Release\Microsoft.Win32.TaskScheduler.pdb source: Syncro.Service.Runner.exe, 00000009.00000002.3482920323.0000022A79FF2000.00000002.00000001.01000000.00000037.sdmp
Source: Binary string: C:\projects\topshelf\src\Topshelf.Serilog\obj\Release\net452\Topshelf.Serilog.pdbSHA256 source: Syncro.Overmind.Service.exe, 0000000E.00000002.2464315427.000001720664B000.00000004.00000800.00020000.00000000.sdmp, Syncro.Overmind.Service.exe, 0000000E.00000002.2473741875.000001721ED80000.00000004.08000000.00040000.00000000.sdmp, Syncro.Overmind.Service.exe, 0000000E.00000002.2464315427.0000017206614000.00000004.00000800.00020000.00000000.sdmp, Syncro.Overmind.Service.exe, 0000000E.00000002.2464315427.0000017206661000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.pdb source: Syncro.App.Runner.exe, 00000015.00000002.3401926582.0000020770B98000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: [C:\Windows\Microsoft.Net\assembly\GAC_64\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.pdbxo) source: SyncroLive.Agent.Runner.exe, 0000001D.00000002.3570752750.0000005BFC9EE000.00000004.00000010.00020000.00000000.sdmp
Source: Binary string: C:\projects\attributed\src\Destructurama.Attributed\obj\Release\netstandard1.1\Destructurama.Attributed.pdb source: Syncro.Installer.exe, 00000002.00000002.2320838041.0000021C74B60000.00000004.08000000.00040000.00000000.sdmp, Syncro.App.Runner.exe, 0000000D.00000002.2910488672.0000021356552000.00000002.00000001.01000000.00000013.sdmp
Source: Binary string: C:\TeamCity\buildAgent\work\5410ab877c27fda6\repairtech-tools\RepairTech.Common.Tools\obj\Release\RepairTech.Common.Tools.pdbV source: SyncroLive.Service.Runner.exe, 0000001C.00000002.3588941982.0000023854572000.00000002.00000001.01000000.00000047.sdmp
Source: Binary string: C:\projects\serilog-sinks-console\src\Serilog.Sinks.Console\obj\Release\net45\Serilog.Sinks.Console.pdbP source: Syncro.Installer.exe, 00000002.00000002.2321907299.0000021C75430000.00000004.08000000.00040000.00000000.sdmp, Syncro.App.Runner.exe, 0000000D.00000002.2915420583.0000021356882000.00000002.00000001.01000000.0000001E.sdmp
Source: Binary string: c:\projects\rollbarsharp\src\RollbarSharp\obj\Release\RollbarSharp.pdbp source: Syncro.App.Runner.exe, 0000000D.00000002.2915268034.0000021356872000.00000002.00000001.01000000.0000001D.sdmp
Source: Binary string: \??\C:\Windows\dll\System.pdbn source: Syncro.App.Runner.exe, 00000015.00000002.3411155020.0000020773017000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\custombuilds\syncro\prod\master\repairtech-tools\RepairTech.Common.Wpf\obj\Release\net462\RepairTech.Common.Wpf.pdbSHA256 source: Syncro.App.Runner.exe, 0000000D.00000002.2920973719.00000213583C2000.00000002.00000001.01000000.00000023.sdmp
Source: Binary string: /_/src/Serilog/obj/Release/net46/Serilog.pdbSHA256d source: Syncro.Overmind.Service.exe, 0000000E.00000002.2463966937.0000017206510000.00000004.08000000.00040000.00000000.sdmp
Source: Binary string: System.ServiceModel.Internals.pdb source: Syncro.App.Runner.exe, 00000015.00000002.3411155020.0000020773017000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\TeamCity\buildAgent\work\5410ab877c27fda6\KabutoLive.Interface\obj\Release\SyncroLive.Interface.pdb source: SyncroLive.Service.Runner.exe, 0000001C.00000002.3586844408.00000238544E2000.00000002.00000001.01000000.00000041.sdmp
Source: Binary string: System.pdbN|2h|2 Z|2_CorDllMainmscoree.dll source: Syncro.App.Runner.exe, 00000015.00000002.3411155020.0000020772FD0000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\garre\Documents\Visual Studio 2015\Projects\metroframework\MetroFramework\obj\Debug\MetroFramework.pdb<r source: Syncro.Installer.exe, 00000002.00000002.2320422475.0000021C74AE0000.00000004.08000000.00040000.00000000.sdmp, Syncro.Installer.exe, 00000002.00000002.2316441248.0000021C100F2000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 0000000D.00000002.2919496731.0000021356F92000.00000002.00000001.01000000.00000022.sdmp
Source: Binary string: /_/src/Serilog/obj/Release/net46/Serilog.pdb source: Syncro.Overmind.Service.exe, 0000000E.00000002.2463966937.0000017206510000.00000004.08000000.00040000.00000000.sdmp
Source: Binary string: \??\C:\Windows\dll\System.ServiceModel.Internals.pdbu source: Syncro.App.Runner.exe, 00000015.00000002.3411155020.000002077304F000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: symbols\dll\mscorlib.pdbpdb) source: SyncroLive.Agent.Runner.exe, 0000001D.00000002.3570752750.0000005BFC9EE000.00000004.00000010.00020000.00000000.sdmp
Source: Binary string: C:\TeamCity\buildAgent\work\5445af565e77c952\servicing\Syncro.Common\obj\Release\net462\Syncro.Common.pdb source: Syncro.Overmind.Service.exe, 0000000E.00000002.2463371105.0000017206490000.00000004.08000000.00040000.00000000.sdmp
Source: Binary string: C:\TeamCity\buildAgent\work\5410ab877c27fda6\repairtech-tools\Squirrel.Windows\vendor\nuget\src\Core\obj\Release\NuGet.Squirrel.pdb source: SyncroLive.Service.Runner.exe, 0000001C.00000002.3723346956.000002386D032000.00000002.00000001.01000000.00000051.sdmp
Source: Binary string: mscorlib.pdbcorlib.pdbpdblib.pdbC_64\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.pdb source: SyncroLive.Agent.Runner.exe, 0000001D.00000002.3570752750.0000005BFC9EE000.00000004.00000010.00020000.00000000.sdmp
Source: Binary string: C:\TeamCity\buildAgent\work\5410ab877c27fda6\repairtech-tools\RepairTech.Common.Tools\obj\Release\RepairTech.Common.Tools.pdb source: SyncroLive.Service.Runner.exe, 0000001C.00000002.3588941982.0000023854572000.00000002.00000001.01000000.00000047.sdmp
Source: Binary string: C:\custombuilds\syncro\prod\master\external\filepusher\FilePusher\obj\Release\FilePusher.pdb16K6 =6_CorExeMainmscoree.dll source: Syncro.Installer.exe, 00000002.00000002.2324699686.0000021C75AE0000.00000004.08000000.00040000.00000000.sdmp, Syncro.Service.Runner.exe, 00000009.00000002.3474168240.0000022A79D42000.00000002.00000001.01000000.00000033.sdmp
Source: Binary string: C:\custombuilds\syncro\prod\master\Kabuto.Contracts\obj\Release\Syncro.Contracts.pdb source: Syncro.Installer.exe, 00000002.00000002.2320882524.0000021C74B70000.00000004.08000000.00040000.00000000.sdmp, Syncro.App.Runner.exe, 0000000D.00000002.2914720136.00000213567B2000.00000002.00000001.01000000.0000001A.sdmp
Source: Binary string: Z:\TeamCityAgent\work\ca2a746ef7596f45\FluentCommandLineParser\obj\Release\FluentCommandLineParser.pdb source: Syncro.Installer.exe, 00000002.00000002.2321418166.0000021C74C40000.00000004.08000000.00040000.00000000.sdmp, Syncro.App.Runner.exe, 0000000D.00000002.2915565224.00000213568B2000.00000002.00000001.01000000.0000001F.sdmp
Source: Binary string: C:\Progr.pdb source: SyncroLive.Agent.Runner.exe, 0000001D.00000002.3570752750.0000005BFC9EE000.00000004.00000010.00020000.00000000.sdmp
Source: Binary string: C:\projects\topshelf\src\Topshelf\obj\Release\net452\Topshelf.pdbSHA256\ source: Syncro.Overmind.Service.exe, 0000000E.00000002.2472463445.000001721EC30000.00000004.08000000.00040000.00000000.sdmp, Syncro.Overmind.Service.exe, 0000000E.00000002.2467329958.0000017216854000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: D:\dev\github\UrlCombine\UrlCombineLib\obj\Debug\net40\UrlCombineLib.pdb source: Syncro.Installer.exe, 00000002.00000002.2309646185.0000021C0026E000.00000004.00000800.00020000.00000000.sdmp, Syncro.Installer.exe, 00000002.00000002.2323567092.0000021C756C0000.00000004.08000000.00040000.00000000.sdmp, Syncro.Installer.exe, 00000002.00000002.2309646185.0000021C002E9000.00000004.00000800.00020000.00000000.sdmp, Syncro.Service.Runner.exe, 00000009.00000002.3495322136.0000022A7A872000.00000002.00000001.01000000.0000003E.sdmp, Syncro.Overmind.Service.exe, 00000011.00000002.3594084272.0000023C0F7E9000.00000004.00000800.00020000.00000000.sdmp, Syncro.Overmind.Service.exe, 00000011.00000002.3594084272.0000023C0F7FD000.00000004.00000800.00020000.00000000.sdmp, Syncro.Overmind.Service.exe, 00000011.00000002.3594084272.0000023C0F7CD000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: z:\Builds\work\23f7f5f0221f789c\FluentCommandLineParser\obj\release\FluentCommandLineParser.pdb source: SyncroLive.Service.Runner.exe, 0000001C.00000002.3599319605.00000238546B2000.00000002.00000001.01000000.0000004E.sdmp
Source: Binary string: C:\custombuilds\syncro\prod\master\repairtech-tools\RepairTech.Common.Tools\obj\Release\RepairTech.Common.Tools.pdbl source: Syncro.App.Runner.exe, 0000000D.00000002.2912047016.0000021356632000.00000002.00000001.01000000.00000018.sdmp
Source: Binary string: C:\TeamCity\buildAgent\work\5445af565e77c952\servicing\Syncro.Common\obj\Release\net462\Syncro.Common.pdbSHA256 source: Syncro.Overmind.Service.exe, 0000000E.00000002.2463371105.0000017206490000.00000004.08000000.00040000.00000000.sdmp
Source: Binary string: C:\TeamCity\buildAgent\work\5410ab877c27fda6\repairtech-tools\Squirrel.Windows\src\Squirrel\obj\Release\Squirrel.pdb source: SyncroLive.Service.Runner.exe, 0000001C.00000002.3594248962.0000023854622000.00000002.00000001.01000000.0000004B.sdmp
Source: Binary string: C:\custombuilds\syncro\prod\master\Kabuto.Tools\obj\Release\Syncro.Tools.pdb source: Syncro.Installer.exe, 00000002.00000002.2320738683.0000021C74B40000.00000004.08000000.00040000.00000000.sdmp, Syncro.App.Runner.exe, 0000000D.00000002.2914955107.00000213567D2000.00000002.00000001.01000000.0000001B.sdmp
Source: Binary string: C:\projects\topshelf\src\Topshelf.Serilog\obj\Release\net452\Topshelf.Serilog.pdb source: Syncro.Overmind.Service.exe, 0000000E.00000002.2464315427.000001720664B000.00000004.00000800.00020000.00000000.sdmp, Syncro.Overmind.Service.exe, 0000000E.00000002.2473741875.000001721ED80000.00000004.08000000.00040000.00000000.sdmp, Syncro.Overmind.Service.exe, 0000000E.00000002.2464315427.0000017206614000.00000004.00000800.00020000.00000000.sdmp, Syncro.Overmind.Service.exe, 0000000E.00000002.2464315427.0000017206661000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: C:\custombuilds\syncro\prod\master\Installer\obj\Release\Installer.pdbSHA256 source: INVOICE31401001340.exe, 00000000.00000000.2120038499.0000000000672000.00000002.00000001.01000000.00000003.sdmp
Source: Binary string: C:\Projects\serilog-sinks-rollbar\src\Serilog.Sinks.RollbarCom\obj\Release\net452\Serilog.Sinks.RollbarCom.pdb source: Syncro.Overmind.Service.exe, 0000000E.00000002.2473696770.000001721ECB0000.00000004.08000000.00040000.00000000.sdmp
Source: Binary string: C:\projects\flurl\src\Flurl\obj\Release\net461\Flurl.pdbSHA256 source: Syncro.Installer.exe, 00000002.00000002.2309646185.0000021C00447000.00000004.00000800.00020000.00000000.sdmp, Syncro.Installer.exe, 00000002.00000002.2309646185.0000021C0048A000.00000004.00000800.00020000.00000000.sdmp, Syncro.Installer.exe, 00000002.00000002.2326708476.0000021C770F0000.00000004.08000000.00040000.00000000.sdmp, Syncro.Service.Runner.exe, 00000009.00000002.3494544518.0000022A7A682000.00000002.00000001.01000000.0000003D.sdmp
Source: Binary string: z:\Builds\work\23f7f5f0221f789c\FluentCommandLineParser\obj\release\FluentCommandLineParser.pdbp source: SyncroLive.Service.Runner.exe, 0000001C.00000002.3599319605.00000238546B2000.00000002.00000001.01000000.0000004E.sdmp
Source: Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.pdb source: Syncro.App.Runner.exe, 00000015.00000002.3419276773.0000020773624000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\A\_work\156\s\corefx\bin\obj\AnyOS.AnyCPU.Release\System.Threading.Tasks.Extensions\netfx\System.Threading.Tasks.Extensions.pdb source: Syncro.Service.Runner.exe, 00000009.00000002.3371599333.0000022A61302000.00000002.00000001.01000000.0000002E.sdmp
Source: Binary string: C:\custombuilds\syncro\prod\master\Kabuto.App\obj\Release\Syncro.App.pdb1 source: Syncro.App.Runner.exe, 0000000D.00000002.2911244289.00000213565C2000.00000002.00000001.01000000.00000017.sdmp
Source: Binary string: C:\custombuilds\syncro\prod\master\Installer\obj\Release\Installer.pdb source: INVOICE31401001340.exe, 00000000.00000000.2120038499.0000000000672000.00000002.00000001.01000000.00000003.sdmp
Source: Binary string: C:\custombuilds\syncro\prod\master\Kabuto.Service.Runner\obj\Release\Syncro.Service.Runner.pdb source: INVOICE31401001340.exe
Source: Binary string: /_/Src/Newtonsoft.Json/obj/Release/net45/Newtonsoft.Json.pdbSHA256 source: Syncro.Installer.exe, 00000002.00000002.2309646185.0000021C0010A000.00000004.00000800.00020000.00000000.sdmp, Syncro.Installer.exe, 00000002.00000002.2316441248.0000021C10001000.00000004.00000800.00020000.00000000.sdmp, Syncro.Installer.exe, 00000002.00000002.2323006385.0000021C755C0000.00000004.08000000.00040000.00000000.sdmp, Syncro.App.Runner.exe, 0000000D.00000002.2915904761.0000021356952000.00000002.00000001.01000000.00000020.sdmp, Syncro.Overmind.Service.exe, 0000000E.00000002.2467329958.0000017216854000.00000004.00000800.00020000.00000000.sdmp, Syncro.Overmind.Service.exe, 0000000E.00000002.2467329958.00000172165C9000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: /_/Src/Newtonsoft.Json/obj/Release/net45/Newtonsoft.Json.pdb source: Syncro.Installer.exe, 00000002.00000002.2309646185.0000021C0010A000.00000004.00000800.00020000.00000000.sdmp, Syncro.Installer.exe, 00000002.00000002.2316441248.0000021C10001000.00000004.00000800.00020000.00000000.sdmp, Syncro.Installer.exe, 00000002.00000002.2323006385.0000021C755C0000.00000004.08000000.00040000.00000000.sdmp, Syncro.App.Runner.exe, 0000000D.00000002.2915904761.0000021356952000.00000002.00000001.01000000.00000020.sdmp, Syncro.Overmind.Service.exe, 0000000E.00000002.2467329958.0000017216854000.00000004.00000800.00020000.00000000.sdmp, Syncro.Overmind.Service.exe, 0000000E.00000002.2467329958.00000172165C9000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: C:\projects\serilog\src\Serilog\obj\Release\net46\Serilog.pdb source: Syncro.Installer.exe, 00000002.00000002.2320267973.0000021C73310000.00000004.08000000.00040000.00000000.sdmp, Syncro.App.Runner.exe, 0000000D.00000002.2910958420.0000021356582000.00000002.00000001.01000000.00000016.sdmp, SyncroLive.Service.Runner.exe, 0000001C.00000002.3597764051.0000023854662000.00000002.00000001.01000000.0000004C.sdmp
Source: Binary string: C:\Sources\CSharpFunctionalExtensions\CSharpFunctionalExtensions\obj\Debug\net461\CSharpFunctionalExtensions.pdb source: Syncro.Installer.exe, 00000002.00000002.2320142547.0000021C732F0000.00000004.08000000.00040000.00000000.sdmp, Syncro.Service.Runner.exe, 00000009.00000002.3481695293.0000022A79F52000.00000002.00000001.01000000.00000034.sdmp
Source: Binary string: C:\projects\flurl\src\Flurl.Http\obj\Release\net461\Flurl.Http.pdbSHA256 source: Syncro.Installer.exe, 00000002.00000002.2322783144.0000021C75550000.00000004.08000000.00040000.00000000.sdmp, Syncro.App.Runner.exe, 0000000D.00000002.2914410699.0000021356792000.00000002.00000001.01000000.00000019.sdmp
Source: Binary string: C:\projects\flurl\src\Flurl.Http\obj\Release\net461\Flurl.Http.pdb source: Syncro.Installer.exe, 00000002.00000002.2322783144.0000021C75550000.00000004.08000000.00040000.00000000.sdmp, Syncro.App.Runner.exe, 0000000D.00000002.2914410699.0000021356792000.00000002.00000001.01000000.00000019.sdmp
Source: Binary string: C:\projects\serilog-sinks-literate\src\Serilog.Sinks.Literate\obj\Release\net45\Serilog.Sinks.Literate.pdb source: Syncro.Installer.exe, 00000002.00000002.2321396565.0000021C74C30000.00000004.08000000.00040000.00000000.sdmp, Syncro.App.Runner.exe, 0000000D.00000002.2915178522.00000213567F2000.00000002.00000001.01000000.0000001C.sdmp
Source: Binary string: C:\dev\github\Rollbar\Rollbar.NET\Rollbar\obj\Release\net462\Rollbar.pdbSHA2567 source: Syncro.Overmind.Service.exe, 0000000E.00000002.2472945190.000001721EC70000.00000004.08000000.00040000.00000000.sdmp, Syncro.Overmind.Service.exe, 0000000E.00000002.2467329958.0000017216593000.00000004.00000800.00020000.00000000.sdmp, Syncro.Overmind.Service.exe, 0000000E.00000002.2467329958.00000172165C9000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: C:\projects\topshelf\src\Topshelf\obj\Release\net452\Topshelf.pdb source: Syncro.Overmind.Service.exe, 0000000E.00000002.2472463445.000001721EC30000.00000004.08000000.00040000.00000000.sdmp, Syncro.Overmind.Service.exe, 0000000E.00000002.2467329958.0000017216854000.00000004.00000800.00020000.00000000.sdmp, SyncroLive.Service.Runner.exe, 0000001C.00000002.3600010389.00000238546D2000.00000002.00000001.01000000.0000004F.sdmp
Source: Binary string: C:\custombuilds\syncro\prod\master\repairtech-tools\Squirrel.Windows\src\Squirrel\obj\Release\Squirrel.pdb source: Syncro.Service.Runner.exe, 00000009.00000002.3484993397.0000022A7A302000.00000002.00000001.01000000.0000003A.sdmp
Source: Binary string: C:\TeamCity\buildAgent\work\5410ab877c27fda6\inputsimulator\WindowsInput\obj\Release\SyncroLive.WindowsInput.pdb source: SyncroLive.Service.Runner.exe, 0000001C.00000002.3722646924.000002386D012000.00000002.00000001.01000000.00000050.sdmp
Source: Binary string: C:\custombuilds\syncro\prod\master\Kabuto.Service\obj\Release\Syncro.Service.pdb] source: Syncro.Service.Runner.exe, 00000009.00000002.3474168240.0000022A79D42000.00000002.00000001.01000000.00000033.sdmp
Source: Binary string: C:\custombuilds\syncro\prod\master\bin\Release\Squirrel\Update.exe.pdbD source: INVOICE31401001340.exe, 00000000.00000002.2353079397.0000000013189000.00000004.00000800.00020000.00000000.sdmp, INVOICE31401001340.exe, 00000000.00000000.2120038499.0000000000672000.00000002.00000001.01000000.00000003.sdmp, Syncro.Installer.exe, 00000002.00000000.2130594520.0000021C72832000.00000002.00000001.01000000.00000006.sdmp
Source: Binary string: System.pdb source: Syncro.App.Runner.exe, 00000015.00000002.3411155020.0000020772FD0000.00000004.00000020.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000015.00000002.3419276773.000002077362D000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\custombuilds\syncro\prod\master\Kabuto.Service\obj\Release\Syncro.Service.pdb source: Syncro.Installer.exe, 00000002.00000002.2324699686.0000021C75AE0000.00000004.08000000.00040000.00000000.sdmp, Syncro.Service.Runner.exe, 00000009.00000002.3474168240.0000022A79D42000.00000002.00000001.01000000.00000033.sdmp
Source: Binary string: C:\dev\github\Rollbar\Rollbar.NET\Rollbar\obj\Release\net462\Rollbar.pdb source: Syncro.Overmind.Service.exe, 0000000E.00000002.2472945190.000001721EC70000.00000004.08000000.00040000.00000000.sdmp, Syncro.Overmind.Service.exe, 0000000E.00000002.2467329958.0000017216593000.00000004.00000800.00020000.00000000.sdmp, Syncro.Overmind.Service.exe, 0000000E.00000002.2467329958.00000172165C9000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: C:\custombuilds\syncro\prod\master\Syncro.Service.Services\obj\Release\net462\Syncro.Service.Services.pdbSHA256 source: Syncro.Installer.exe, 00000002.00000002.2309646185.0000021C0041A000.00000004.00000800.00020000.00000000.sdmp, Syncro.Installer.exe, 00000002.00000002.2309646185.0000021C00404000.00000004.00000800.00020000.00000000.sdmp, Syncro.Installer.exe, 00000002.00000002.2309646185.0000021C003E9000.00000004.00000800.00020000.00000000.sdmp, Syncro.Installer.exe, 00000002.00000002.2326198935.0000021C75C90000.00000004.08000000.00040000.00000000.sdmp
Source: Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.ServiceModel.Internals\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Internals.pdb source: Syncro.App.Runner.exe, 00000015.00000002.3411155020.000002077304F000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\custombuilds\syncro\prod\master\bin\Release\Squirrel\Update.exe.pdb source: INVOICE31401001340.exe, 00000000.00000002.2353079397.0000000013189000.00000004.00000800.00020000.00000000.sdmp, INVOICE31401001340.exe, 00000000.00000000.2120038499.0000000000672000.00000002.00000001.01000000.00000003.sdmp, Syncro.Installer.exe, 00000002.00000000.2130594520.0000021C72832000.00000002.00000001.01000000.00000006.sdmp
Source: Binary string: C:\Users\dahall\Documents\Visual Studio 2010\Projects\TaskService\obj\Release\Microsoft.Win32.TaskScheduler.pdb source: Syncro.Service.Runner.exe, 00000009.00000002.3482920323.0000022A79FF2000.00000002.00000001.01000000.00000037.sdmp
Source: Binary string: C:\projects\restsharp\RestSharp\obj\Release\net452\RestSharp.pdb source: Syncro.Service.Runner.exe, 00000009.00000002.3483896621.0000022A7A282000.00000002.00000001.01000000.00000038.sdmp
Source: Binary string: \??\C:\Windows\dll\System.pdb source: Syncro.App.Runner.exe, 00000015.00000002.3411155020.0000020773017000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\TeamCity\buildAgent\work\5410ab877c27fda6\repairtech-tools\Squirrel.Windows\src\Runner\obj\Release\Runner.pdb source: SyncroLive.Service.Runner.exe, 0000001C.00000000.3271704115.0000023853BE2000.00000002.00000001.01000000.00000024.sdmp
Source: Binary string: C:\custombuilds\syncro\prod\master\Kabuto.App.Runner\obj\Release\Syncro.App.Runner.pdb source: INVOICE31401001340.exe, Syncro.App.Runner.exe0.2.dr
Source: Binary string: C:\projects\serilog-sinks-file\src\Serilog.Sinks.File\obj\Release\net45\Serilog.Sinks.File.pdbw{ source: Syncro.Installer.exe, 00000002.00000002.2321337716.0000021C74C00000.00000004.08000000.00040000.00000000.sdmp, Syncro.App.Runner.exe, 0000000D.00000002.2910585414.0000021356562000.00000002.00000001.01000000.00000014.sdmp
Source: Binary string: C:\custombuilds\syncro\prod\master\repairtech-tools\RepairTech.Common.Tools\obj\Release\RepairTech.Common.Tools.pdb source: Syncro.Installer.exe, 00000002.00000002.2321024872.0000021C74BA0000.00000004.08000000.00040000.00000000.sdmp
Source: Binary string: /_/src/Flurl.Http/obj/Release/net461/Flurl.Http.pdbSHA256 source: Syncro.Overmind.Service.exe, 0000000E.00000002.2464154751.0000017206540000.00000004.08000000.00040000.00000000.sdmp
Source: Binary string: C:\custombuilds\syncro\prod\master\Syncro.Service.Interfaces\obj\Release\net462\Syncro.Service.Interfaces.pdbSHA256Aw source: Syncro.Service.Runner.exe, 00000009.00000002.3371865466.0000022A61312000.00000002.00000001.01000000.0000002F.sdmp
Source: Binary string: C:\projects\serilog-sinks-file\src\Serilog.Sinks.File\obj\Release\net45\Serilog.Sinks.File.pdb source: Syncro.Installer.exe, 00000002.00000002.2321337716.0000021C74C00000.00000004.08000000.00040000.00000000.sdmp, Syncro.App.Runner.exe, 0000000D.00000002.2910585414.0000021356562000.00000002.00000001.01000000.00000014.sdmp, Syncro.Overmind.Service.exe, 0000000E.00000002.2472791182.000001721EC60000.00000004.08000000.00040000.00000000.sdmp
Source: Binary string: C:\custombuilds\syncro\prod\master\repairtech-tools\3rdparty\PhoenixSharp\Phoenix\obj\Release\net45\Phoenix.pdb source: Syncro.Service.Runner.exe, 00000009.00000002.3482482309.0000022A79FC2000.00000002.00000001.01000000.00000035.sdmp
Source: Binary string: C:\custombuilds\syncro\prod\master\Kabuto.App\obj\Release\Syncro.App.pdb source: Syncro.App.Runner.exe, 0000000D.00000002.2911244289.00000213565C2000.00000002.00000001.01000000.00000017.sdmp
Source: Binary string: C:\projects\serilog-sinks-console\src\Serilog.Sinks.Console\obj\Release\net45\Serilog.Sinks.Console.pdb source: Syncro.Installer.exe, 00000002.00000002.2321907299.0000021C75430000.00000004.08000000.00040000.00000000.sdmp, Syncro.App.Runner.exe, 0000000D.00000002.2915420583.0000021356882000.00000002.00000001.01000000.0000001E.sdmp
Source: Binary string: \??\C:\Windows\System.pdbr source: Syncro.App.Runner.exe, 00000015.00000002.3411155020.000002077304F000.00000004.00000020.00020000.00000000.sdmp

Data Obfuscation
barindex
Detected unpacking (creates a PE file in dynamic memory)
Source: C:\Program Files\RepairTech\LiveAgent\SyncroLive.Service.Runner.exe Unpacked PE file: 28.2.SyncroLive.Service.Runner.exe.23854620000.11.unpack
.NET source code contains potential unpacker
Source: Syncro.Installer.exe.0.dr, AssemblyLoader.cs .Net Code: ReadFromEmbeddedResources System.Reflection.Assembly.Load(byte[])
Source: Syncro.Service.Runner.exe.2.dr, RunnerBase.cs .Net Code: InvokeMethod
Source: Syncro.App.Runner.exe.2.dr, RunnerBase.cs .Net Code: InvokeMethod
Source: Syncro.App.Runner.exe0.2.dr, RunnerBase.cs .Net Code: InvokeMethod
Yara detected Costura Assembly Loader
Source: Yara match File source: Process Memory Space: INVOICE31401001340.exe PID: 3840, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: Syncro.Installer.exe PID: 6512, type: MEMORYSTR
Binary contains a suspicious time stamp
Source: INVOICE31401001340.exe Static PE information: 0xD20F9479 [Thu Sep 4 18:33:29 2081 UTC]
Uses code obfuscation techniques (call, push, ret)
Source: C:\Users\user\Desktop\INVOICE31401001340.exe Code function: 0_2_00007FFD348A00BD pushad ; iretd 0_2_00007FFD348A00C1
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Code function: 2_2_00007FFD348954EA push eax; iretd 2_2_00007FFD348955DD
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Code function: 2_2_00007FFD3489B6B8 push eax; retf 2_2_00007FFD3489B6C1
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Code function: 2_2_00007FFD3489C30B push eax; retf 2_2_00007FFD3489C314
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Code function: 2_2_00007FFD34898ACD push eax; ret 2_2_00007FFD34898AE1
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Code function: 2_2_00007FFD348A43DD push E85DB29Ah; ret 2_2_00007FFD348A44F9
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Code function: 2_2_00007FFD34B38148 push ebx; ret 2_2_00007FFD34B3816A
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Code function: 9_2_00007FFD3479D2A5 pushad ; iretd 9_2_00007FFD3479D2A6
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Code function: 9_2_00007FFD348C755D push ebx; iretd 9_2_00007FFD348C756A
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Code function: 9_2_00007FFD348B00BD pushad ; iretd 9_2_00007FFD348B00C1
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Code function: 9_2_00007FFD34B4D34E pushad ; ret 9_2_00007FFD34B4D34F
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Code function: 9_2_00007FFD34B4CF81 push edx; ret 9_2_00007FFD34B4CF82
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Code function: 9_2_00007FFD34B4CF91 push edx; ret 9_2_00007FFD34B4CF92
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Code function: 9_2_00007FFD34B754C5 pushad ; iretd 9_2_00007FFD34B755CD
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Code function: 9_2_00007FFD34B8845E push eax; ret 9_2_00007FFD34B8846D
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Code function: 9_2_00007FFD34B84DFC push ecx; ret 9_2_00007FFD34B84E0A
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Code function: 9_2_00007FFD34B84F48 push edx; ret 9_2_00007FFD34B84F5A
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Code function: 9_2_00007FFD34B73F51 push eax; iretd 9_2_00007FFD34B74129
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Code function: 9_2_00007FFD34B84EEC push edx; ret 9_2_00007FFD34B84EFA
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Code function: 9_2_00007FFD34B81918 push cs; ret 9_2_00007FFD34B81A7A
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Code function: 9_2_00007FFD34B88169 push ebx; ret 9_2_00007FFD34B8816A
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Code function: 9_2_00007FFD34B85B2C pushad ; ret 9_2_00007FFD34B85B3A
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Code function: 9_2_00007FFD34B872F9 pushfd ; ret 9_2_00007FFD34B8730A
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Code function: 9_2_00007FFD34B81A7B push cs; ret 9_2_00007FFD34B81BDA
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Code function: 9_2_00007FFD34B8842E pushad ; ret 9_2_00007FFD34B8845D
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Code function: 9_2_00007FFD34E65D38 push E95EF1EAh; ret 9_2_00007FFD34E65D59
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Code function: 9_2_00007FFD34E65D18 push E95EF1EAh; ret 9_2_00007FFD34E65D59
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Code function: 9_2_00007FFD34E65CE0 push E95EF1EAh; ret 9_2_00007FFD34E65D59
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Code function: 9_2_00007FFD34E603D0 pushad ; retf 9_2_00007FFD34E603FD
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Code function: 9_2_00007FFD34FCC365 push ecx; ret 9_2_00007FFD34FCC399
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Code function: 9_2_00007FFD34FCC39C push esp; ret 9_2_00007FFD34FCC39D

Persistence and Installation Behavior
barindex
Creates files in the system32 config directory
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe File created: C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\Syncro.Service.Runner.exe.log Jump to behavior
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe File created: C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\Syncro.Overmind.Service.exe.log
Drops PE files
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe File created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\es\System.Spatial.resources.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe File created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\fi-FI\Syncro.App.resources.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe File created: C:\Program Files\RepairTech\LiveAgent\app-0.0.66.14351~f7fcc35a2d1947f693e0732f444c406e\Flurl.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe File created: C:\Program Files\RepairTech\LiveAgent\app-0.0.68.15635~b3ea396ce3964d88b4b8425873431883\SyncroLive.Service.exe Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe File created: C:\Program Files\RepairTech\LiveAgent\app-0.0.66.14351~f7fcc35a2d1947f693e0732f444c406e\Interop.NetFwTypeLib.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe File created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\de-DE\Syncro.App.resources.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe File created: C:\Program Files\RepairTech\LiveAgent\app-0.0.66.14351~f7fcc35a2d1947f693e0732f444c406e\Serilog.Sinks.Console.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe File created: C:\Program Files\RepairTech\LiveAgent\app-0.0.66.14351~f7fcc35a2d1947f693e0732f444c406e\Microsoft.Data.Services.Client.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe File created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\Syncro.Service.Models.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe File created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\System.Threading.Tasks.Extensions.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe File created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\System.Net.WebSockets.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe File created: C:\Program Files\RepairTech\LiveAgent\app-0.0.66.14351~f7fcc35a2d1947f693e0732f444c406e\x86\turbojpeg.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe File created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\Syncro.Uninstaller.Tools.exe Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe File created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\System.Net.WebSockets.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe File created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\fr\Microsoft.Data.Services.Client.resources.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe File created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\es\Microsoft.Data.Edm.resources.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe File created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\MetroFramework.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe File created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\RepairTech.Common.Tools.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe File created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\System.Security.Cryptography.Algorithms.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe File created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\MetroFramework.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe File created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\fr\Microsoft.Data.OData.resources.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe File created: C:\Program Files\RepairTech\LiveAgent\app-0.0.68.15635~b3ea396ce3964d88b4b8425873431883\SharpDX.DXGI.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe File created: C:\Program Files\RepairTech\LiveAgent\app-0.0.68.15635~b3ea396ce3964d88b4b8425873431883\SyncroLive.Agent.exe Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe File created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\System.Security.Cryptography.Algorithms.dll Jump to dropped file
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe File created: C:\ProgramData\Syncro\bin\FilePusher.exe Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe File created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\Telerik.Windows.Controls.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe File created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\zh-CHS\Syncro.App.resources.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe File created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\Serilog.Formatting.Compact.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe File created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\Syncro.Uninstaller.Tools.exe Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe File created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\System.Security.Cryptography.Encoding.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe File created: C:\Program Files\RepairTech\LiveAgent\app-0.0.66.14351~f7fcc35a2d1947f693e0732f444c406e\Mixpanel.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe File created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\fr\Microsoft.Data.Edm.resources.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe File created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\CSharpFunctionalExtensions.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe File created: C:\Program Files\RepairTech\LiveAgent\app-0.0.66.14351~f7fcc35a2d1947f693e0732f444c406e\DeltaCompressionDotNet.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe File created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\ru-RU\Syncro.App.resources.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe File created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\DeltaCompressionDotNet.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe File created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\Syncro.Service.Models.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe File created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\FluentCommandLineParser.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe File created: C:\Program Files\RepairTech\LiveAgent\app-0.0.68.15635~b3ea396ce3964d88b4b8425873431883\SharpDX.Mathematics.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe File created: C:\Program Files\RepairTech\LiveAgent\app-0.0.68.15635~b3ea396ce3964d88b4b8425873431883\Topshelf.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe File created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\RollbarSharp.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe File created: C:\Program Files\RepairTech\LiveAgent\app-0.0.68.15635~b3ea396ce3964d88b4b8425873431883\CSharpFunctionalExtensions.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe File created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\Destructurama.Attributed.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe File created: C:\Program Files\RepairTech\LiveAgent\app-0.0.66.14351~f7fcc35a2d1947f693e0732f444c406e\System.Management.Automation.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe File created: C:\Program Files\RepairTech\LiveAgent\app-0.0.68.15635~b3ea396ce3964d88b4b8425873431883\x86\turbojpeg.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe File created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\it-IT\Syncro.App.resources.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe File created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\Interop.WUApiLib.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe File created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\es-ES\Syncro.App.resources.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe File created: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe File created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\Syncro.Service.Interfaces.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe File created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\Telerik.Windows.Controls.Navigation.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe File created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\da-DK\Syncro.App.resources.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe File created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\pt-BR\Syncro.App.resources.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe File created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\es\Microsoft.Data.OData.resources.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe File created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\Serilog.Sinks.Console.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe File created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\NuGet.Squirrel.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe File created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\Syncro.Service.Interfaces.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe File created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\Microsoft.Data.Edm.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe File created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\Microsoft.Win32.TaskScheduler.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe File created: C:\Program Files\RepairTech\LiveAgent\app-0.0.68.15635~b3ea396ce3964d88b4b8425873431883\SyncroLive.Service.Runner.exe Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe File created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\Syncro.Service.Configuration.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe File created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\Telerik.Windows.Controls.ConversationalUI.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe File created: C:\Program Files\RepairTech\LiveAgent\app-0.0.68.15635~b3ea396ce3964d88b4b8425873431883\JetBrains.Annotations.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe File created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\Newtonsoft.Json.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe File created: C:\Program Files\RepairTech\LiveAgent\app-0.0.66.14351~f7fcc35a2d1947f693e0732f444c406e\RollbarSharp.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe File created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\Microsoft.Web.XmlTransform.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe File created: C:\Program Files\RepairTech\LiveAgent\app-0.0.66.14351~f7fcc35a2d1947f693e0732f444c406e\SharpDX.Mathematics.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe File created: C:\Program Files\RepairTech\LiveAgent\app-0.0.66.14351~f7fcc35a2d1947f693e0732f444c406e\Squirrel.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe File created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\zh-Hans\System.Spatial.resources.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe File created: C:\Program Files\RepairTech\LiveAgent\app-0.0.66.14351~f7fcc35a2d1947f693e0732f444c406e\RepairTech.Common.Tools.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe File created: C:\Program Files\RepairTech\LiveAgent\app-0.0.68.15635~b3ea396ce3964d88b4b8425873431883\SharpDX.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe File created: C:\Program Files\RepairTech\LiveAgent\app-0.0.66.14351~f7fcc35a2d1947f693e0732f444c406e\FluentCommandLineParser.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe File created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\Telerik.Windows.Controls.Input.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe File created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\cs-CZ\Syncro.App.resources.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe File created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\fr\System.Spatial.resources.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe File created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\Mono.Cecil.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe File created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\Syncro.Service.exe Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe File created: C:\Program Files\RepairTech\LiveAgent\app-0.0.68.15635~b3ea396ce3964d88b4b8425873431883\RepairTech.Common.Wpf.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe File created: C:\Program Files\RepairTech\LiveAgent\app-0.0.68.15635~b3ea396ce3964d88b4b8425873431883\Serilog.Sinks.Literate.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe File created: C:\Program Files\RepairTech\LiveAgent\app-0.0.68.15635~b3ea396ce3964d88b4b8425873431883\Mono.Cecil.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe File created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\System.Security.Cryptography.X509Certificates.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe File created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\System.Runtime.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe File created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\Microsoft.Web.XmlTransform.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe File created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\System.ValueTuple.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe File created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\Syncro.Service.Configuration.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe File created: C:\Program Files\RepairTech\LiveAgent\app-0.0.68.15635~b3ea396ce3964d88b4b8425873431883\SharpDX.Direct3D11.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe File created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\Itenso.TimePeriod.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe File created: C:\Program Files\RepairTech\LiveAgent\app-0.0.68.15635~b3ea396ce3964d88b4b8425873431883\SyncroLive.Interface.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe File created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\ko\System.Spatial.resources.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe File created: C:\Program Files\RepairTech\LiveAgent\app-0.0.66.14351~f7fcc35a2d1947f693e0732f444c406e\Topshelf.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe File created: C:\Program Files\RepairTech\LiveAgent\app-0.0.66.14351~f7fcc35a2d1947f693e0732f444c406e\CSharpFunctionalExtensions.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe File created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\websocket-sharp.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe File created: C:\Program Files\RepairTech\LiveAgent\app-0.0.66.14351~f7fcc35a2d1947f693e0732f444c406e\System.Runtime.CompilerServices.Unsafe.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe File created: C:\Program Files\RepairTech\LiveAgent\app-0.0.68.15635~b3ea396ce3964d88b4b8425873431883\System.ValueTuple.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe File created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\de\Microsoft.Data.Services.Client.resources.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe File created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\Microsoft.Win32.TaskScheduler.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe File created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\ja\Microsoft.Data.Edm.resources.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe File created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\nl-NL\Syncro.App.resources.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe File created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\Mono.Cecil.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe File created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\ru\Microsoft.Data.OData.resources.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe File created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\Serilog.Sinks.Literate.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe File created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\zh-Hans\Microsoft.Data.Edm.resources.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe File created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\Serilog.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe File created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\Squirrel.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe File created: C:\Program Files\RepairTech\LiveAgent\app-0.0.68.15635~b3ea396ce3964d88b4b8425873431883\Serilog.Sinks.Console.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe File created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\ICSharpCode.SharpZipLib.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe File created: C:\Program Files\RepairTech\LiveAgent\app-0.0.66.14351~f7fcc35a2d1947f693e0732f444c406e\SyncroLive.WindowsInput.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe File created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\Syncro.App.Runner.exe Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe File created: C:\Program Files\RepairTech\LiveAgent\app-0.0.68.15635~b3ea396ce3964d88b4b8425873431883\Newtonsoft.Json.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe File created: C:\Program Files\RepairTech\LiveAgent\app-0.0.68.15635~b3ea396ce3964d88b4b8425873431883\x64\turbojpeg.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe File created: C:\Program Files\RepairTech\LiveAgent\SyncroLive.Service.Runner.exe Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe File created: C:\Program Files\RepairTech\LiveAgent\app-0.0.66.14351~f7fcc35a2d1947f693e0732f444c406e\SyncroLive.Agent.Runner.exe Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe File created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\zh-Hans\Microsoft.Data.Services.Client.resources.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe File created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\ja\System.Spatial.resources.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe File created: C:\Program Files\RepairTech\LiveAgent\app-0.0.68.15635~b3ea396ce3964d88b4b8425873431883\deniszykov.WebSocketListener.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe File created: C:\Program Files\RepairTech\LiveAgent\app-0.0.68.15635~b3ea396ce3964d88b4b8425873431883\Flurl.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe File created: C:\Program Files\RepairTech\LiveAgent\app-0.0.66.14351~f7fcc35a2d1947f693e0732f444c406e\x64\turbojpeg.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe File created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\de\Microsoft.Data.OData.resources.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe File created: C:\Program Files\RepairTech\LiveAgent\app-0.0.68.15635~b3ea396ce3964d88b4b8425873431883\x86\WebRTC.Native.Internal.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe File created: C:\Program Files\RepairTech\LiveAgent\app-0.0.66.14351~f7fcc35a2d1947f693e0732f444c406e\SyncroLive.Agent.exe Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe File created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\CSharpFunctionalExtensions.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe File created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\ja\Microsoft.Data.OData.resources.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe File created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\Syncro.Contracts.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe File created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\RepairTech.Common.Tools.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe File created: C:\Program Files\RepairTech\LiveAgent\app-0.0.68.15635~b3ea396ce3964d88b4b8425873431883\ZetaLongPaths.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe File created: C:\Program Files\RepairTech\LiveAgent\app-0.0.66.14351~f7fcc35a2d1947f693e0732f444c406e\Microsoft.Data.Edm.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe File created: C:\Program Files\RepairTech\LiveAgent\app-0.0.68.15635~b3ea396ce3964d88b4b8425873431883\Squirrel.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe File created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\zh-Hant\System.Spatial.resources.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe File created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\Syncro.App.Runner.exe Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe File created: C:\Program Files\RepairTech\LiveAgent\app-0.0.68.15635~b3ea396ce3964d88b4b8425873431883\OpenHardwareMonitorLib.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe File created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\DeltaCompressionDotNet.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe File created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\7za-x64.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe File created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\fr-FR\Syncro.App.resources.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe File created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\Flurl.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe File created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\SevenZipSharp.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe File created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\SharpSnmpLib.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe File created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\Newtonsoft.Json.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe File created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\System.Runtime.CompilerServices.Unsafe.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe File created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\UrlCombineLib.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe File created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\JetBrains.Annotations.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe File created: C:\Program Files\RepairTech\LiveAgent\app-0.0.66.14351~f7fcc35a2d1947f693e0732f444c406e\WebRTC.NET.SDK.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe File created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\Phoenix.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe File created: C:\Program Files\RepairTech\LiveAgent\app-0.0.66.14351~f7fcc35a2d1947f693e0732f444c406e\Microsoft.Web.XmlTransform.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe File created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\Syncro.Service.exe Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe File created: C:\Program Files\RepairTech\LiveAgent\app-0.0.68.15635~b3ea396ce3964d88b4b8425873431883\System.Management.Automation.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe File created: C:\Program Files\RepairTech\LiveAgent\app-0.0.66.14351~f7fcc35a2d1947f693e0732f444c406e\OpenHardwareMonitorLib.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe File created: C:\Program Files\RepairTech\LiveAgent\app-0.0.68.15635~b3ea396ce3964d88b4b8425873431883\SyncroLive.Agent.Runner.exe Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe File created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\Serilog.Sinks.Literate.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe File created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\ru\Microsoft.Data.Services.Client.resources.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe File created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\Destructurama.Attributed.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe File created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\ru\Microsoft.Data.Edm.resources.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe File created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\Autofac.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe File created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\Splat.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe File created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\System.Security.Cryptography.Primitives.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe File created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\System.Security.Cryptography.Primitives.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe File created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\ko\Microsoft.Data.OData.resources.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe File created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\FluentCommandLineParser.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe File created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\System.Runtime.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe File created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\Telerik.Windows.Controls.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe File created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\fr-FR\Syncro.App.resources.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe File created: C:\Program Files\RepairTech\LiveAgent\app-0.0.68.15635~b3ea396ce3964d88b4b8425873431883\SyncroLive.WindowsInput.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe File created: C:\Program Files\RepairTech\LiveAgent\app-0.0.66.14351~f7fcc35a2d1947f693e0732f444c406e\Cassia.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe File created: C:\Program Files\RepairTech\LiveAgent\app-0.0.66.14351~f7fcc35a2d1947f693e0732f444c406e\Serilog.Formatting.Compact.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe File created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\ICSharpCode.SharpZipLib.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe File created: C:\Program Files\RepairTech\LiveAgent\app-0.0.66.14351~f7fcc35a2d1947f693e0732f444c406e\System.Runtime.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe File created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\Syncro.Uninstaller.exe Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe File created: C:\Program Files\RepairTech\LiveAgent\app-0.0.66.14351~f7fcc35a2d1947f693e0732f444c406e\SharpDX.DXGI.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe File created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\Flurl.Http.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe File created: C:\Program Files\RepairTech\LiveAgent\app-0.0.66.14351~f7fcc35a2d1947f693e0732f444c406e\RepairTech.Common.Wpf.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe File created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\cs-CZ\Syncro.App.resources.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe File created: C:\Program Files\RepairTech\LiveAgent\app-0.0.66.14351~f7fcc35a2d1947f693e0732f444c406e\Serilog.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe File created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\websocket-sharp.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe File created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\System.ValueTuple.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe File created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\7za-x86.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe File created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\Syncro.Service.Runner.exe Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe File created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\System.Security.Cryptography.Encoding.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe File created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\Serilog.Sinks.File.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe File created: C:\Program Files\RepairTech\LiveAgent\app-0.0.66.14351~f7fcc35a2d1947f693e0732f444c406e\System.ValueTuple.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe File created: C:\Program Files\RepairTech\LiveAgent\app-0.0.68.15635~b3ea396ce3964d88b4b8425873431883\Splat.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe File created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\ja-JP\Syncro.App.resources.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe File created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\en\Syncro.Uninstaller.resources.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe File created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\System.Spatial.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe File created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\zh-Hans\Microsoft.Data.OData.resources.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe File created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\Serilog.Sinks.File.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe File created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\Splat.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe File created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\pt-BR\Syncro.App.resources.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe File created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\it-IT\Syncro.App.resources.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe File created: C:\Program Files\RepairTech\LiveAgent\app-0.0.66.14351~f7fcc35a2d1947f693e0732f444c406e\SyncroLive.Interface.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe File created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\Syncro.Service.Runner.exe Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe File created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\Telerik.Windows.Controls.ConversationalUI.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe File created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\da-DK\Syncro.App.resources.dll Jump to dropped file
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe File created: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe File created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\Syncro.Tools.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe File created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\zh-CHS\Syncro.App.resources.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe File created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\JetBrains.Annotations.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe File created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\SharpCompress.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe File created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\sl-SI\Syncro.App.resources.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe File created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\Flurl.Http.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe File created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\en\Syncro.Uninstaller.resources.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe File created: C:\Program Files\RepairTech\LiveAgent\app-0.0.66.14351~f7fcc35a2d1947f693e0732f444c406e\Mono.Cecil.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe File created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\nl-NL\Syncro.App.resources.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe File created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\de\Microsoft.Data.Edm.resources.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe File created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\MetroFramework.Fonts.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe File created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\Syncro.Service.Services.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe File created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\zh-Hant\Microsoft.Data.OData.resources.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe File created: C:\Program Files\RepairTech\LiveAgent\app-0.0.68.15635~b3ea396ce3964d88b4b8425873431883\WebRTC.NET.SDK.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe File created: C:\Program Files\RepairTech\LiveAgent\app-0.0.68.15635~b3ea396ce3964d88b4b8425873431883\x64\WebRTC.Native.Internal.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe File created: C:\Program Files\RepairTech\LiveAgent\app-0.0.68.15635~b3ea396ce3964d88b4b8425873431883\Flurl.Http.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe File created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\Serilog.Formatting.Compact.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe File created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\Microsoft.Bcl.AsyncInterfaces.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe File created: C:\Program Files\RepairTech\LiveAgent\app-0.0.68.15635~b3ea396ce3964d88b4b8425873431883\System.Runtime.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe File created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\Microsoft.Data.Services.Client.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe File created: C:\Program Files\RepairTech\LiveAgent\app-0.0.66.14351~f7fcc35a2d1947f693e0732f444c406e\Flurl.Http.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe File created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\it\Microsoft.Data.Services.Client.resources.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe File created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\Syncro.Service.Services.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe File created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\Syncro.App.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe File created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\RepairTech.Common.Wpf.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe File created: C:\Program Files\RepairTech\LiveAgent\app-0.0.66.14351~f7fcc35a2d1947f693e0732f444c406e\JetBrains.Annotations.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe File created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\SevenZipSharp.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe File created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\en\Syncro.App.resources.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe File created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\Syncro.Tools.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe File created: C:\Program Files\RepairTech\LiveAgent\app-0.0.68.15635~b3ea396ce3964d88b4b8425873431883\Interop.NetFwTypeLib.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe File created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\ru\System.Spatial.resources.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe File created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\es-ES\Syncro.App.resources.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe File created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\Telerik.Windows.Controls.Input.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe File created: C:\Program Files\RepairTech\LiveAgent\app-0.0.66.14351~f7fcc35a2d1947f693e0732f444c406e\NuGet.Squirrel.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe File created: C:\Program Files\RepairTech\LiveAgent\app-0.0.66.14351~f7fcc35a2d1947f693e0732f444c406e\SharpDX.Direct3D11.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe File created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\de\System.Spatial.resources.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe File created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\ko\Microsoft.Data.Edm.resources.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe File created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\RollbarSharp.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe File created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\System.Security.Cryptography.X509Certificates.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe File created: C:\Program Files\RepairTech\LiveAgent\app-0.0.66.14351~f7fcc35a2d1947f693e0732f444c406e\ZetaLongPaths.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe File created: C:\Program Files\RepairTech\LiveAgent\app-0.0.66.14351~f7fcc35a2d1947f693e0732f444c406e\SyncroLive.Service.Runner.exe Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe File created: C:\Program Files\RepairTech\LiveAgent\app-0.0.66.14351~f7fcc35a2d1947f693e0732f444c406e\SyncroLive.Service.exe Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe File created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\it\Microsoft.Data.Edm.resources.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe File created: C:\Program Files\RepairTech\LiveAgent\app-0.0.68.15635~b3ea396ce3964d88b4b8425873431883\DeltaCompressionDotNet.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe File created: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe File created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\ja\Microsoft.Data.Services.Client.resources.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe File created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\ar-SA\Syncro.App.resources.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe File created: C:\Program Files\RepairTech\LiveAgent\app-0.0.66.14351~f7fcc35a2d1947f693e0732f444c406e\deniszykov.WebSocketListener.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe File created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\Microsoft.Data.OData.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe File created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\ja-JP\Syncro.App.resources.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe File created: C:\Program Files\RepairTech\LiveAgent\app-0.0.68.15635~b3ea396ce3964d88b4b8425873431883\Destructurama.Attributed.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe File created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\el-GR\Syncro.App.resources.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe File created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\ko\Microsoft.Data.Services.Client.resources.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe File created: C:\Program Files\RepairTech\LiveAgent\app-0.0.68.15635~b3ea396ce3964d88b4b8425873431883\System.Runtime.CompilerServices.Unsafe.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe File created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\zh-Hant\Microsoft.Data.Services.Client.resources.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe File created: C:\Program Files\RepairTech\LiveAgent\app-0.0.68.15635~b3ea396ce3964d88b4b8425873431883\UrlCombineLib.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe File created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\Microsoft.Bcl.AsyncInterfaces.dll Jump to dropped file
Source: C:\Program Files\RepairTech\LiveAgent\SyncroLive.Agent.Runner.exe File created: C:\Program Files\RepairTech\LiveAgent\app-0.0.68.15635\OpenHardwareMonitorLib.sys Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe File created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\Itenso.TimePeriod.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe File created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\sl-SI\Syncro.App.resources.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe File created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\es\Microsoft.Data.Services.Client.resources.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe File created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\Syncro.App.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe File created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\UrlCombineLib.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe File created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\Telerik.Windows.Data.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe File created: C:\Program Files\RepairTech\LiveAgent\app-0.0.66.14351~f7fcc35a2d1947f693e0732f444c406e\Serilog.Sinks.File.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe File created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\zh-Hant\Microsoft.Data.Edm.resources.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe File created: C:\Program Files\RepairTech\LiveAgent\app-0.0.66.14351~f7fcc35a2d1947f693e0732f444c406e\Newtonsoft.Json.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe File created: C:\Program Files\RepairTech\LiveAgent\app-0.0.68.15635~b3ea396ce3964d88b4b8425873431883\Serilog.Sinks.File.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe File created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\Telerik.Windows.Data.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe File created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\RepairTech.Common.Wpf.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe File created: C:\Program Files\RepairTech\LiveAgent\app-0.0.66.14351~f7fcc35a2d1947f693e0732f444c406e\Splat.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe File created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\it\System.Spatial.resources.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe File created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\RestSharp.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe File created: C:\Program Files\RepairTech\LiveAgent\app-0.0.68.15635~b3ea396ce3964d88b4b8425873431883\System.Numerics.Vectors.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe File created: C:\Program Files\RepairTech\LiveAgent\app-0.0.66.14351~f7fcc35a2d1947f693e0732f444c406e\Microsoft.Data.OData.dll Jump to dropped file
Source: C:\Users\user\Desktop\INVOICE31401001340.exe File created: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe File created: C:\Program Files\RepairTech\LiveAgent\app-0.0.66.14351~f7fcc35a2d1947f693e0732f444c406e\UrlCombineLib.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe File created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\Serilog.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe File created: C:\Program Files\RepairTech\LiveAgent\SyncroLive.Agent.Runner.exe Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe File created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\SharpSnmpLib.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe File created: C:\Program Files\RepairTech\LiveAgent\app-0.0.66.14351~f7fcc35a2d1947f693e0732f444c406e\Destructurama.Attributed.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe File created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\Interop.NetFwTypeLib.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe File created: C:\Program Files\RepairTech\LiveAgent\app-0.0.68.15635~b3ea396ce3964d88b4b8425873431883\Serilog.Formatting.Compact.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe File created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\7za-x64.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe File created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\ru-RU\Syncro.App.resources.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe File created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\System.Threading.Tasks.Extensions.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe File created: C:\Program Files\RepairTech\LiveAgent\app-0.0.66.14351~f7fcc35a2d1947f693e0732f444c406e\Serilog.Sinks.Literate.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe File created: C:\Program Files\RepairTech\LiveAgent\app-0.0.68.15635~b3ea396ce3964d88b4b8425873431883\Cassia.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe File created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\Syncro.Contracts.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe File created: C:\Program Files\RepairTech\LiveAgent\app-0.0.66.14351~f7fcc35a2d1947f693e0732f444c406e\SharpCompress.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe File created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\System.Runtime.CompilerServices.Unsafe.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe File created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\it\Microsoft.Data.OData.resources.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe File created: C:\Program Files\RepairTech\LiveAgent\app-0.0.66.14351~f7fcc35a2d1947f693e0732f444c406e\System.Numerics.Vectors.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe File created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\Syncro.Uninstaller.exe Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe File created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\Serilog.Sinks.Console.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe File created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\Interop.IWshRuntimeLibrary.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe File created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\en\Syncro.App.resources.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe File created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\de-DE\Syncro.App.resources.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe File created: C:\Program Files\RepairTech\LiveAgent\app-0.0.68.15635~b3ea396ce3964d88b4b8425873431883\Microsoft.Web.XmlTransform.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe File created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\Interop.WUApiLib.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe File created: C:\Program Files\RepairTech\LiveAgent\app-0.0.68.15635~b3ea396ce3964d88b4b8425873431883\Serilog.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe File created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\Squirrel.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe File created: C:\Program Files\RepairTech\LiveAgent\app-0.0.68.15635~b3ea396ce3964d88b4b8425873431883\RepairTech.Common.Tools.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe File created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\Interop.IWshRuntimeLibrary.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe File created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\Flurl.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe File created: C:\Program Files\RepairTech\LiveAgent\app-0.0.68.15635~b3ea396ce3964d88b4b8425873431883\FluentCommandLineParser.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe File created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\Autofac.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe File created: C:\Program Files\RepairTech\LiveAgent\app-0.0.66.14351~f7fcc35a2d1947f693e0732f444c406e\x86\WebRTC.Native.Internal.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe File created: C:\Program Files\RepairTech\LiveAgent\app-0.0.68.15635~b3ea396ce3964d88b4b8425873431883\NuGet.Squirrel.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe File created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\el-GR\Syncro.App.resources.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe File created: C:\Program Files\RepairTech\LiveAgent\app-0.0.66.14351~f7fcc35a2d1947f693e0732f444c406e\x64\WebRTC.Native.Internal.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe File created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\MetroFramework.Fonts.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe File created: C:\Program Files\RepairTech\LiveAgent\app-0.0.66.14351~f7fcc35a2d1947f693e0732f444c406e\System.Spatial.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe File created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\Phoenix.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe File created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\Telerik.Windows.Controls.Navigation.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe File created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\Interop.NetFwTypeLib.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe File created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\NuGet.Squirrel.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe File created: C:\Program Files\RepairTech\LiveAgent\app-0.0.66.14351~f7fcc35a2d1947f693e0732f444c406e\SharpDX.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe File created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\fi-FI\Syncro.App.resources.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe File created: C:\Program Files\RepairTech\LiveAgent\app-0.0.68.15635~b3ea396ce3964d88b4b8425873431883\RollbarSharp.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe File created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\ar-SA\Syncro.App.resources.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe File created: C:\Program Files\RepairTech\Syncro\Update.exe Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe File created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\7za-x86.dll Jump to dropped file
Drops PE files to the application program directory (C:\ProgramData)
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe File created: C:\ProgramData\Syncro\bin\FilePusher.exe Jump to dropped file
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe File created: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Jump to dropped file
Source: C:\Users\user\Desktop\INVOICE31401001340.exe File created: C:\ProgramData\Syncro\logs\MasterInstaller.log Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe File created: C:\ProgramData\Syncro\logs\Syncro.Installer20240318.log Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe File created: C:\ProgramData\Syncro\logs\Syncro.Installer20240319.log Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\Syncro.Installer.exe.log Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\InstallUtil.exe File created: C:\ProgramData\Syncro\logs\ServiceInstall.log Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\InstallUtil.exe File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\InstallUtil.exe.log Jump to behavior

Boot Survival
barindex
Installs Task Scheduler Managed Wrapper
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe File created: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\Microsoft.Win32.TaskScheduler.dll Jump to behavior
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe File created: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\Microsoft.Win32.TaskScheduler.dll
Creates or modifies windows services
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\InstallUtil.exe Registry key created: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Application Jump to behavior
Modifies existing windows services
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Registry key value modified: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SyncroOvermind
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\sc.exe sc failure Syncro reset= 60 actions= restart/5000/restart/10000/restart/60000
Source: C:\Users\user\Desktop\INVOICE31401001340.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\INVOICE31401001340.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\INVOICE31401001340.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\INVOICE31401001340.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\INVOICE31401001340.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\INVOICE31401001340.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\INVOICE31401001340.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\INVOICE31401001340.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\INVOICE31401001340.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\INVOICE31401001340.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\INVOICE31401001340.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\INVOICE31401001340.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\INVOICE31401001340.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\INVOICE31401001340.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\INVOICE31401001340.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\INVOICE31401001340.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\INVOICE31401001340.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\INVOICE31401001340.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\INVOICE31401001340.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\INVOICE31401001340.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\cmd.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\InstallUtil.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\InstallUtil.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\InstallUtil.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\InstallUtil.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\InstallUtil.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\InstallUtil.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\InstallUtil.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\InstallUtil.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\InstallUtil.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\InstallUtil.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\InstallUtil.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\InstallUtil.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\InstallUtil.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\InstallUtil.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\InstallUtil.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\InstallUtil.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\InstallUtil.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\InstallUtil.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\InstallUtil.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\InstallUtil.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\InstallUtil.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\InstallUtil.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\InstallUtil.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\InstallUtil.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\InstallUtil.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\InstallUtil.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\InstallUtil.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\InstallUtil.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\InstallUtil.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\InstallUtil.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\InstallUtil.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\InstallUtil.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\InstallUtil.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\InstallUtil.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\InstallUtil.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\InstallUtil.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\InstallUtil.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\InstallUtil.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\InstallUtil.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\InstallUtil.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion
barindex
Queries memory information (via WMI often done to detect virtual machines)
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_PhysicalMemory
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_PhysicalMemory
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_PhysicalMemory
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_PhysicalMemory
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_PhysicalMemory
Queries sensitive Plug and Play Device Information (via WMI, Win32_PnPEntity, often done to detect virtual machines)
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_PnPEntity WHERE ConfigManagerErrorCode = 4 OR ConfigManagerErrorCode = 6 OR ConfigManagerErrorCode = 8 OR ConfigManagerErrorCode = 9 OR ConfigManagerErrorCode = 11 OR ConfigManagerErrorCode = 12 OR ConfigManagerErrorCode = 15 OR ConfigManagerErrorCode = 17 OR ConfigManagerErrorCode = 19 OR ConfigManagerErrorCode = 20 OR ConfigManagerErrorCode = 27 OR ConfigManagerErrorCode = 29 OR ConfigManagerErrorCode = 30 OR ConfigManagerErrorCode = 31 OR ConfigManagerErrorCode = 35 OR ConfigManagerErrorCode = 36 OR ConfigManagerErrorCode = 37 OR ConfigManagerErrorCode = 40 OR ConfigManagerErrorCode = 41 OR ConfigManagerErrorCode = 43 OR ConfigManagerErrorCode = 52
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_PnPEntity WHERE ConfigManagerErrorCode = 4 OR ConfigManagerErrorCode = 6 OR ConfigManagerErrorCode = 8 OR ConfigManagerErrorCode = 9 OR ConfigManagerErrorCode = 11 OR ConfigManagerErrorCode = 12 OR ConfigManagerErrorCode = 15 OR ConfigManagerErrorCode = 17 OR ConfigManagerErrorCode = 19 OR ConfigManagerErrorCode = 20 OR ConfigManagerErrorCode = 27 OR ConfigManagerErrorCode = 29 OR ConfigManagerErrorCode = 30 OR ConfigManagerErrorCode = 31 OR ConfigManagerErrorCode = 35 OR ConfigManagerErrorCode = 36 OR ConfigManagerErrorCode = 37 OR ConfigManagerErrorCode = 40 OR ConfigManagerErrorCode = 41 OR ConfigManagerErrorCode = 43 OR ConfigManagerErrorCode = 52
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_PnPEntity WHERE ConfigManagerErrorCode = 4 OR ConfigManagerErrorCode = 6 OR ConfigManagerErrorCode = 8 OR ConfigManagerErrorCode = 9 OR ConfigManagerErrorCode = 11 OR ConfigManagerErrorCode = 12 OR ConfigManagerErrorCode = 15 OR ConfigManagerErrorCode = 17 OR ConfigManagerErrorCode = 19 OR ConfigManagerErrorCode = 20 OR ConfigManagerErrorCode = 27 OR ConfigManagerErrorCode = 29 OR ConfigManagerErrorCode = 30 OR ConfigManagerErrorCode = 31 OR ConfigManagerErrorCode = 35 OR ConfigManagerErrorCode = 36 OR ConfigManagerErrorCode = 37 OR ConfigManagerErrorCode = 40 OR ConfigManagerErrorCode = 41 OR ConfigManagerErrorCode = 43 OR ConfigManagerErrorCode = 52
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_PnPEntity WHERE ConfigManagerErrorCode = 4 OR ConfigManagerErrorCode = 6 OR ConfigManagerErrorCode = 8 OR ConfigManagerErrorCode = 9 OR ConfigManagerErrorCode = 11 OR ConfigManagerErrorCode = 12 OR ConfigManagerErrorCode = 15 OR ConfigManagerErrorCode = 17 OR ConfigManagerErrorCode = 19 OR ConfigManagerErrorCode = 20 OR ConfigManagerErrorCode = 27 OR ConfigManagerErrorCode = 29 OR ConfigManagerErrorCode = 30 OR ConfigManagerErrorCode = 31 OR ConfigManagerErrorCode = 35 OR ConfigManagerErrorCode = 36 OR ConfigManagerErrorCode = 37 OR ConfigManagerErrorCode = 40 OR ConfigManagerErrorCode = 41 OR ConfigManagerErrorCode = 43 OR ConfigManagerErrorCode = 52
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_PnPEntity WHERE ConfigManagerErrorCode = 4 OR ConfigManagerErrorCode = 6 OR ConfigManagerErrorCode = 8 OR ConfigManagerErrorCode = 9 OR ConfigManagerErrorCode = 11 OR ConfigManagerErrorCode = 12 OR ConfigManagerErrorCode = 15 OR ConfigManagerErrorCode = 17 OR ConfigManagerErrorCode = 19 OR ConfigManagerErrorCode = 20 OR ConfigManagerErrorCode = 27 OR ConfigManagerErrorCode = 29 OR ConfigManagerErrorCode = 30 OR ConfigManagerErrorCode = 31 OR ConfigManagerErrorCode = 35 OR ConfigManagerErrorCode = 36 OR ConfigManagerErrorCode = 37 OR ConfigManagerErrorCode = 40 OR ConfigManagerErrorCode = 41 OR ConfigManagerErrorCode = 43 OR ConfigManagerErrorCode = 52
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_PnPEntity WHERE ConfigManagerErrorCode = 4 OR ConfigManagerErrorCode = 6 OR ConfigManagerErrorCode = 8 OR ConfigManagerErrorCode = 9 OR ConfigManagerErrorCode = 11 OR ConfigManagerErrorCode = 12 OR ConfigManagerErrorCode = 15 OR ConfigManagerErrorCode = 17 OR ConfigManagerErrorCode = 19 OR ConfigManagerErrorCode = 20 OR ConfigManagerErrorCode = 27 OR ConfigManagerErrorCode = 29 OR ConfigManagerErrorCode = 30 OR ConfigManagerErrorCode = 31 OR ConfigManagerErrorCode = 35 OR ConfigManagerErrorCode = 36 OR ConfigManagerErrorCode = 37 OR ConfigManagerErrorCode = 40 OR ConfigManagerErrorCode = 41 OR ConfigManagerErrorCode = 43 OR ConfigManagerErrorCode = 52
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_PnPEntity WHERE ConfigManagerErrorCode = 4 OR ConfigManagerErrorCode = 6 OR ConfigManagerErrorCode = 8 OR ConfigManagerErrorCode = 9 OR ConfigManagerErrorCode = 11 OR ConfigManagerErrorCode = 12 OR ConfigManagerErrorCode = 15 OR ConfigManagerErrorCode = 17 OR ConfigManagerErrorCode = 19 OR ConfigManagerErrorCode = 20 OR ConfigManagerErrorCode = 27 OR ConfigManagerErrorCode = 29 OR ConfigManagerErrorCode = 30 OR ConfigManagerErrorCode = 31 OR ConfigManagerErrorCode = 35 OR ConfigManagerErrorCode = 36 OR ConfigManagerErrorCode = 37 OR ConfigManagerErrorCode = 40 OR ConfigManagerErrorCode = 41 OR ConfigManagerErrorCode = 43 OR ConfigManagerErrorCode = 52
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_PnPEntity WHERE ConfigManagerErrorCode = 4 OR ConfigManagerErrorCode = 6 OR ConfigManagerErrorCode = 8 OR ConfigManagerErrorCode = 9 OR ConfigManagerErrorCode = 11 OR ConfigManagerErrorCode = 12 OR ConfigManagerErrorCode = 15 OR ConfigManagerErrorCode = 17 OR ConfigManagerErrorCode = 19 OR ConfigManagerErrorCode = 20 OR ConfigManagerErrorCode = 27 OR ConfigManagerErrorCode = 29 OR ConfigManagerErrorCode = 30 OR ConfigManagerErrorCode = 31 OR ConfigManagerErrorCode = 35 OR ConfigManagerErrorCode = 36 OR ConfigManagerErrorCode = 37 OR ConfigManagerErrorCode = 40 OR ConfigManagerErrorCode = 41 OR ConfigManagerErrorCode = 43 OR ConfigManagerErrorCode = 52
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_PnPEntity WHERE ConfigManagerErrorCode = 4 OR ConfigManagerErrorCode = 6 OR ConfigManagerErrorCode = 8 OR ConfigManagerErrorCode = 9 OR ConfigManagerErrorCode = 11 OR ConfigManagerErrorCode = 12 OR ConfigManagerErrorCode = 15 OR ConfigManagerErrorCode = 17 OR ConfigManagerErrorCode = 19 OR ConfigManagerErrorCode = 20 OR ConfigManagerErrorCode = 27 OR ConfigManagerErrorCode = 29 OR ConfigManagerErrorCode = 30 OR ConfigManagerErrorCode = 31 OR ConfigManagerErrorCode = 35 OR ConfigManagerErrorCode = 36 OR ConfigManagerErrorCode = 37 OR ConfigManagerErrorCode = 40 OR ConfigManagerErrorCode = 41 OR ConfigManagerErrorCode = 43 OR ConfigManagerErrorCode = 52
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_PnPEntity WHERE ConfigManagerErrorCode = 4 OR ConfigManagerErrorCode = 6 OR ConfigManagerErrorCode = 8 OR ConfigManagerErrorCode = 9 OR ConfigManagerErrorCode = 11 OR ConfigManagerErrorCode = 12 OR ConfigManagerErrorCode = 15 OR ConfigManagerErrorCode = 17 OR ConfigManagerErrorCode = 19 OR ConfigManagerErrorCode = 20 OR ConfigManagerErrorCode = 27 OR ConfigManagerErrorCode = 29 OR ConfigManagerErrorCode = 30 OR ConfigManagerErrorCode = 31 OR ConfigManagerErrorCode = 35 OR ConfigManagerErrorCode = 36 OR ConfigManagerErrorCode = 37 OR ConfigManagerErrorCode = 40 OR ConfigManagerErrorCode = 41 OR ConfigManagerErrorCode = 43 OR ConfigManagerErrorCode = 52
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_PnPEntity WHERE ConfigManagerErrorCode = 4 OR ConfigManagerErrorCode = 6 OR ConfigManagerErrorCode = 8 OR ConfigManagerErrorCode = 9 OR ConfigManagerErrorCode = 11 OR ConfigManagerErrorCode = 12 OR ConfigManagerErrorCode = 15 OR ConfigManagerErrorCode = 17 OR ConfigManagerErrorCode = 19 OR ConfigManagerErrorCode = 20 OR ConfigManagerErrorCode = 27 OR ConfigManagerErrorCode = 29 OR ConfigManagerErrorCode = 30 OR ConfigManagerErrorCode = 31 OR ConfigManagerErrorCode = 35 OR ConfigManagerErrorCode = 36 OR ConfigManagerErrorCode = 37 OR ConfigManagerErrorCode = 40 OR ConfigManagerErrorCode = 41 OR ConfigManagerErrorCode = 43 OR ConfigManagerErrorCode = 52
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_PnPEntity WHERE ConfigManagerErrorCode = 4 OR ConfigManagerErrorCode = 6 OR ConfigManagerErrorCode = 8 OR ConfigManagerErrorCode = 9 OR ConfigManagerErrorCode = 11 OR ConfigManagerErrorCode = 12 OR ConfigManagerErrorCode = 15 OR ConfigManagerErrorCode = 17 OR ConfigManagerErrorCode = 19 OR ConfigManagerErrorCode = 20 OR ConfigManagerErrorCode = 27 OR ConfigManagerErrorCode = 29 OR ConfigManagerErrorCode = 30 OR ConfigManagerErrorCode = 31 OR ConfigManagerErrorCode = 35 OR ConfigManagerErrorCode = 36 OR ConfigManagerErrorCode = 37 OR ConfigManagerErrorCode = 40 OR ConfigManagerErrorCode = 41 OR ConfigManagerErrorCode = 43 OR ConfigManagerErrorCode = 52
Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_DiskDrive
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_DiskDrive
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_DiskDrive
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_DiskDrive
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_DiskDrive
Source: C:\Program Files\RepairTech\LiveAgent\SyncroLive.Agent.Runner.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Program Files\RepairTech\LiveAgent\SyncroLive.Agent.Runner.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive WHERE Model = &apos;NVXHP67W SCSI Disk Device&apos;
Source: C:\Program Files\RepairTech\LiveAgent\SyncroLive.Agent.Runner.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive WHERE Model = &apos;Unknown Model&apos;
Source: C:\Program Files\RepairTech\LiveAgent\SyncroLive.Agent.Runner.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Program Files\RepairTech\LiveAgent\SyncroLive.Agent.Runner.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive WHERE Model = &apos;NVXHP67W SCSI Disk Device&apos;
Source: C:\Program Files\RepairTech\LiveAgent\SyncroLive.Agent.Runner.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive WHERE Model = &apos;Unknown Model&apos;
Queries sensitive physical memory information (via WMI, Win32_PhysicalMemory, often done to detect virtual machines)
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_PhysicalMemory
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_PhysicalMemory
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_PhysicalMemory
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_PhysicalMemory
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_PhysicalMemory
Queries sensitive service information (via WMI, MSSMBios_RawSMBiosTables, often done to detect sandboxes)
Source: C:\Program Files\RepairTech\LiveAgent\SyncroLive.Agent.Runner.exe WMI Queries: IWbemServices::ExecQuery - root\WMI : SELECT * FROM MSSMBios_RawSMBiosTables
Queries sensitive service information (via WMI, Win32_LogicalDisk, often done to detect sandboxes)
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_LogicalDisk where DriveType = 3
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_LogicalDisk where DriveType = 3
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_LogicalDisk where DriveType = 3
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_LogicalDisk where DriveType = 3
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_LogicalDisk where DriveType = 3
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_VideoController
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_VideoController
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_VideoController
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_VideoController
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_VideoController
Allocates memory with a write watch (potentially for evading sandboxes)
Source: C:\Users\user\Desktop\INVOICE31401001340.exe Memory allocated: 13B0000 memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\INVOICE31401001340.exe Memory allocated: 1B180000 memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Memory allocated: 21C73250000 memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Memory allocated: 21C74C60000 memory reserve | memory write watch Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\InstallUtil.exe Memory allocated: 20709780000 memory reserve | memory write watch Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\InstallUtil.exe Memory allocated: 20723290000 memory reserve | memory write watch Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Memory allocated: 22A60E30000 memory reserve | memory write watch Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Memory allocated: 22A79460000 memory reserve | memory write watch Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Memory allocated: 2133C570000 memory reserve | memory write watch
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Memory allocated: 21355D80000 memory reserve | memory write watch
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Memory allocated: 172060B0000 memory reserve | memory write watch
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Memory allocated: 1721E570000 memory reserve | memory write watch
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Memory allocated: 23C0EA40000 memory reserve | memory write watch
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Memory allocated: 23C27230000 memory reserve | memory write watch
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Memory allocated: 218BC7E0000 memory reserve | memory write watch
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Memory allocated: 218D6290000 memory reserve | memory write watch
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Memory allocated: 2CB567D0000 memory reserve | memory write watch
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Memory allocated: 2CB703B0000 memory reserve | memory write watch
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Memory allocated: 20770D50000 memory reserve | memory write watch
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Memory allocated: 20772650000 memory reserve | memory write watch
Source: C:\Program Files\RepairTech\LiveAgent\SyncroLive.Service.Runner.exe Memory allocated: 238540A0000 memory reserve | memory write watch
Source: C:\Program Files\RepairTech\LiveAgent\SyncroLive.Service.Runner.exe Memory allocated: 2386C780000 memory reserve | memory write watch
Source: C:\Program Files\RepairTech\LiveAgent\SyncroLive.Agent.Runner.exe Memory allocated: 2296FA00000 memory reserve | memory write watch
Source: C:\Program Files\RepairTech\LiveAgent\SyncroLive.Agent.Runner.exe Memory allocated: 229713B0000 memory reserve | memory write watch
Contains functionality to detect virtual machines (SLDT)
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Code function: 9_2_00007FFD34B40FA9 sldt word ptr [eax] 9_2_00007FFD34B40FA9
Contains long sleeps (>= 3 min)
Source: C:\Users\user\Desktop\INVOICE31401001340.exe Thread delayed: delay time: 922337203685477 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Thread delayed: delay time: 922337203685477 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Thread delayed: delay time: 600000 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Thread delayed: delay time: 599888 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Thread delayed: delay time: 599781 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Thread delayed: delay time: 599672 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Thread delayed: delay time: 599562 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Thread delayed: delay time: 599453 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Thread delayed: delay time: 599344 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Thread delayed: delay time: 599234 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Thread delayed: delay time: 599117 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Thread delayed: delay time: 599015 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Thread delayed: delay time: 598906 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Thread delayed: delay time: 598797 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Thread delayed: delay time: 598687 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Thread delayed: delay time: 598578 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Thread delayed: delay time: 598469 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Thread delayed: delay time: 598344 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Thread delayed: delay time: 598231 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Thread delayed: delay time: 598117 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Thread delayed: delay time: 598000 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Thread delayed: delay time: 597890 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Thread delayed: delay time: 597781 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Thread delayed: delay time: 597672 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Thread delayed: delay time: 597562 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Thread delayed: delay time: 597453 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Thread delayed: delay time: 597344 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Thread delayed: delay time: 597234 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Thread delayed: delay time: 597118 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Thread delayed: delay time: 597015 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Thread delayed: delay time: 596906 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Thread delayed: delay time: 596796 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Thread delayed: delay time: 596687 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Thread delayed: delay time: 596578 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Thread delayed: delay time: 596468 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Thread delayed: delay time: 596359 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Thread delayed: delay time: 596250 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Thread delayed: delay time: 596139 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Thread delayed: delay time: 596027 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Thread delayed: delay time: 595922 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Thread delayed: delay time: 595804 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Thread delayed: delay time: 595687 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Thread delayed: delay time: 595578 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Thread delayed: delay time: 595451 Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\InstallUtil.exe Thread delayed: delay time: 922337203685477 Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Thread delayed: delay time: 922337203685477 Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Thread delayed: delay time: 922337203685477
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Thread delayed: delay time: 922337203685477
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Thread delayed: delay time: 922337203685477
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Thread delayed: delay time: 1800000
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Thread delayed: delay time: 1799860
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Thread delayed: delay time: 1799735
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Thread delayed: delay time: 1798750
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Thread delayed: delay time: 922337203685477
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Thread delayed: delay time: 922337203685477
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Thread delayed: delay time: 922337203685477
Source: C:\Program Files\RepairTech\LiveAgent\SyncroLive.Service.Runner.exe Thread delayed: delay time: 922337203685477
Source: C:\Program Files\RepairTech\LiveAgent\SyncroLive.Service.Runner.exe Thread delayed: delay time: 301372
Source: C:\Program Files\RepairTech\LiveAgent\SyncroLive.Service.Runner.exe Thread delayed: delay time: 301238
Source: C:\Program Files\RepairTech\LiveAgent\SyncroLive.Service.Runner.exe Thread delayed: delay time: 301112
Source: C:\Program Files\RepairTech\LiveAgent\SyncroLive.Service.Runner.exe Thread delayed: delay time: 300987
Source: C:\Program Files\RepairTech\LiveAgent\SyncroLive.Service.Runner.exe Thread delayed: delay time: 300403
Source: C:\Program Files\RepairTech\LiveAgent\SyncroLive.Service.Runner.exe Thread delayed: delay time: 297418
Source: C:\Program Files\RepairTech\LiveAgent\SyncroLive.Service.Runner.exe Thread delayed: delay time: 296372
Source: C:\Program Files\RepairTech\LiveAgent\SyncroLive.Service.Runner.exe Thread delayed: delay time: 295340
Source: C:\Program Files\RepairTech\LiveAgent\SyncroLive.Agent.Runner.exe Thread delayed: delay time: 922337203685477
Source: C:\Program Files\RepairTech\LiveAgent\SyncroLive.Agent.Runner.exe Thread delayed: delay time: 922337203685477
Source: C:\Program Files\RepairTech\LiveAgent\SyncroLive.Agent.Runner.exe Thread delayed: delay time: 922337203685477
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Window / User API: threadDelayed 1469 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Window / User API: threadDelayed 8113 Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Window / User API: threadDelayed 3712 Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Window / User API: threadDelayed 5359 Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Window / User API: threadDelayed 4017
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Window / User API: threadDelayed 5764
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Window / User API: threadDelayed 1593
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Window / User API: threadDelayed 7719
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Window / User API: threadDelayed 3508
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Window / User API: threadDelayed 6310
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Window / User API: threadDelayed 7978
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Window / User API: threadDelayed 1806
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Window / User API: threadDelayed 9084
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Window / User API: threadDelayed 364
Source: C:\Program Files\RepairTech\LiveAgent\SyncroLive.Service.Runner.exe Window / User API: threadDelayed 3879
Source: C:\Program Files\RepairTech\LiveAgent\SyncroLive.Agent.Runner.exe Window / User API: threadDelayed 1109
Found dropped PE file which has not been started or loaded
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Dropped PE file which has not been started: C:\Program Files\RepairTech\LiveAgent\app-0.0.66.14351~f7fcc35a2d1947f693e0732f444c406e\Flurl.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Dropped PE file which has not been started: C:\Program Files\RepairTech\LiveAgent\app-0.0.68.15635~b3ea396ce3964d88b4b8425873431883\SyncroLive.Service.exe Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Dropped PE file which has not been started: C:\Program Files\RepairTech\LiveAgent\app-0.0.66.14351~f7fcc35a2d1947f693e0732f444c406e\Interop.NetFwTypeLib.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Dropped PE file which has not been started: C:\Program Files\RepairTech\LiveAgent\app-0.0.66.14351~f7fcc35a2d1947f693e0732f444c406e\Serilog.Sinks.Console.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Dropped PE file which has not been started: C:\Program Files\RepairTech\LiveAgent\app-0.0.66.14351~f7fcc35a2d1947f693e0732f444c406e\Microsoft.Data.Services.Client.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Dropped PE file which has not been started: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\Syncro.Service.Models.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Dropped PE file which has not been started: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\System.Threading.Tasks.Extensions.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Dropped PE file which has not been started: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\System.Net.WebSockets.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Dropped PE file which has not been started: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\Syncro.Uninstaller.Tools.exe Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Dropped PE file which has not been started: C:\Program Files\RepairTech\LiveAgent\app-0.0.66.14351~f7fcc35a2d1947f693e0732f444c406e\x86\turbojpeg.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Dropped PE file which has not been started: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\System.Net.WebSockets.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Dropped PE file which has not been started: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\MetroFramework.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Dropped PE file which has not been started: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\RepairTech.Common.Tools.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Dropped PE file which has not been started: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\System.Security.Cryptography.Algorithms.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Dropped PE file which has not been started: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\MetroFramework.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Dropped PE file which has not been started: C:\Program Files\RepairTech\LiveAgent\app-0.0.68.15635~b3ea396ce3964d88b4b8425873431883\SyncroLive.Agent.exe Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Dropped PE file which has not been started: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\System.Security.Cryptography.Algorithms.dll Jump to dropped file
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Dropped PE file which has not been started: C:\ProgramData\Syncro\bin\FilePusher.exe Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Dropped PE file which has not been started: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\Serilog.Formatting.Compact.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Dropped PE file which has not been started: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\Telerik.Windows.Controls.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Dropped PE file which has not been started: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\Syncro.Uninstaller.Tools.exe Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Dropped PE file which has not been started: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\System.Security.Cryptography.Encoding.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Dropped PE file which has not been started: C:\Program Files\RepairTech\LiveAgent\app-0.0.66.14351~f7fcc35a2d1947f693e0732f444c406e\Mixpanel.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Dropped PE file which has not been started: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\CSharpFunctionalExtensions.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Dropped PE file which has not been started: C:\Program Files\RepairTech\LiveAgent\app-0.0.66.14351~f7fcc35a2d1947f693e0732f444c406e\DeltaCompressionDotNet.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Dropped PE file which has not been started: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\DeltaCompressionDotNet.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Dropped PE file which has not been started: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\FluentCommandLineParser.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Dropped PE file which has not been started: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\Syncro.Service.Models.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Dropped PE file which has not been started: C:\Program Files\RepairTech\LiveAgent\app-0.0.68.15635~b3ea396ce3964d88b4b8425873431883\SharpDX.Mathematics.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Dropped PE file which has not been started: C:\Program Files\RepairTech\LiveAgent\app-0.0.68.15635~b3ea396ce3964d88b4b8425873431883\Topshelf.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Dropped PE file which has not been started: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\RollbarSharp.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Dropped PE file which has not been started: C:\Program Files\RepairTech\LiveAgent\app-0.0.68.15635~b3ea396ce3964d88b4b8425873431883\CSharpFunctionalExtensions.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Dropped PE file which has not been started: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\Destructurama.Attributed.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Dropped PE file which has not been started: C:\Program Files\RepairTech\LiveAgent\app-0.0.68.15635~b3ea396ce3964d88b4b8425873431883\x86\turbojpeg.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Dropped PE file which has not been started: C:\Program Files\RepairTech\LiveAgent\app-0.0.66.14351~f7fcc35a2d1947f693e0732f444c406e\System.Management.Automation.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Dropped PE file which has not been started: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Dropped PE file which has not been started: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\Interop.WUApiLib.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Dropped PE file which has not been started: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\Telerik.Windows.Controls.Navigation.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Dropped PE file which has not been started: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\Serilog.Sinks.Console.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Dropped PE file which has not been started: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\NuGet.Squirrel.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Dropped PE file which has not been started: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\Microsoft.Win32.TaskScheduler.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Dropped PE file which has not been started: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\Microsoft.Data.Edm.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Dropped PE file which has not been started: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\Telerik.Windows.Controls.ConversationalUI.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Dropped PE file which has not been started: C:\Program Files\RepairTech\LiveAgent\app-0.0.68.15635~b3ea396ce3964d88b4b8425873431883\JetBrains.Annotations.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Dropped PE file which has not been started: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\Syncro.Service.Configuration.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Dropped PE file which has not been started: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\Newtonsoft.Json.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Dropped PE file which has not been started: C:\Program Files\RepairTech\LiveAgent\app-0.0.66.14351~f7fcc35a2d1947f693e0732f444c406e\RollbarSharp.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Dropped PE file which has not been started: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\Microsoft.Web.XmlTransform.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Dropped PE file which has not been started: C:\Program Files\RepairTech\LiveAgent\app-0.0.66.14351~f7fcc35a2d1947f693e0732f444c406e\Squirrel.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Dropped PE file which has not been started: C:\Program Files\RepairTech\LiveAgent\app-0.0.66.14351~f7fcc35a2d1947f693e0732f444c406e\SharpDX.Mathematics.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Dropped PE file which has not been started: C:\Program Files\RepairTech\LiveAgent\app-0.0.66.14351~f7fcc35a2d1947f693e0732f444c406e\RepairTech.Common.Tools.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Dropped PE file which has not been started: C:\Program Files\RepairTech\LiveAgent\app-0.0.68.15635~b3ea396ce3964d88b4b8425873431883\SharpDX.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Dropped PE file which has not been started: C:\Program Files\RepairTech\LiveAgent\app-0.0.66.14351~f7fcc35a2d1947f693e0732f444c406e\FluentCommandLineParser.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Dropped PE file which has not been started: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\Telerik.Windows.Controls.Input.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Dropped PE file which has not been started: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\Mono.Cecil.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Dropped PE file which has not been started: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\Syncro.Service.exe Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Dropped PE file which has not been started: C:\Program Files\RepairTech\LiveAgent\app-0.0.68.15635~b3ea396ce3964d88b4b8425873431883\Serilog.Sinks.Literate.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Dropped PE file which has not been started: C:\Program Files\RepairTech\LiveAgent\app-0.0.68.15635~b3ea396ce3964d88b4b8425873431883\RepairTech.Common.Wpf.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Dropped PE file which has not been started: C:\Program Files\RepairTech\LiveAgent\app-0.0.68.15635~b3ea396ce3964d88b4b8425873431883\Mono.Cecil.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Dropped PE file which has not been started: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\System.Runtime.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Dropped PE file which has not been started: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\Microsoft.Web.XmlTransform.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Dropped PE file which has not been started: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\System.ValueTuple.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Dropped PE file which has not been started: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\Syncro.Service.Configuration.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Dropped PE file which has not been started: C:\Program Files\RepairTech\LiveAgent\app-0.0.68.15635~b3ea396ce3964d88b4b8425873431883\SharpDX.Direct3D11.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Dropped PE file which has not been started: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\Itenso.TimePeriod.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Dropped PE file which has not been started: C:\Program Files\RepairTech\LiveAgent\app-0.0.68.15635~b3ea396ce3964d88b4b8425873431883\SyncroLive.Interface.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Dropped PE file which has not been started: C:\Program Files\RepairTech\LiveAgent\app-0.0.66.14351~f7fcc35a2d1947f693e0732f444c406e\CSharpFunctionalExtensions.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Dropped PE file which has not been started: C:\Program Files\RepairTech\LiveAgent\app-0.0.66.14351~f7fcc35a2d1947f693e0732f444c406e\Topshelf.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Dropped PE file which has not been started: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\websocket-sharp.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Dropped PE file which has not been started: C:\Program Files\RepairTech\LiveAgent\app-0.0.66.14351~f7fcc35a2d1947f693e0732f444c406e\System.Runtime.CompilerServices.Unsafe.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Dropped PE file which has not been started: C:\Program Files\RepairTech\LiveAgent\app-0.0.68.15635~b3ea396ce3964d88b4b8425873431883\System.ValueTuple.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Dropped PE file which has not been started: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\Microsoft.Win32.TaskScheduler.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Dropped PE file which has not been started: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\Mono.Cecil.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Dropped PE file which has not been started: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\Serilog.Sinks.Literate.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Dropped PE file which has not been started: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\Squirrel.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Dropped PE file which has not been started: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\Serilog.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Dropped PE file which has not been started: C:\Program Files\RepairTech\LiveAgent\app-0.0.68.15635~b3ea396ce3964d88b4b8425873431883\Serilog.Sinks.Console.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Dropped PE file which has not been started: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\ICSharpCode.SharpZipLib.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Dropped PE file which has not been started: C:\Program Files\RepairTech\LiveAgent\app-0.0.66.14351~f7fcc35a2d1947f693e0732f444c406e\SyncroLive.WindowsInput.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Dropped PE file which has not been started: C:\Program Files\RepairTech\LiveAgent\app-0.0.68.15635~b3ea396ce3964d88b4b8425873431883\Newtonsoft.Json.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Dropped PE file which has not been started: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\Syncro.App.Runner.exe Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Dropped PE file which has not been started: C:\Program Files\RepairTech\LiveAgent\app-0.0.68.15635~b3ea396ce3964d88b4b8425873431883\x64\turbojpeg.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Dropped PE file which has not been started: C:\Program Files\RepairTech\LiveAgent\app-0.0.66.14351~f7fcc35a2d1947f693e0732f444c406e\SyncroLive.Agent.Runner.exe Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Dropped PE file which has not been started: C:\Program Files\RepairTech\LiveAgent\app-0.0.68.15635~b3ea396ce3964d88b4b8425873431883\deniszykov.WebSocketListener.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Dropped PE file which has not been started: C:\Program Files\RepairTech\LiveAgent\app-0.0.68.15635~b3ea396ce3964d88b4b8425873431883\Flurl.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Dropped PE file which has not been started: C:\Program Files\RepairTech\LiveAgent\app-0.0.66.14351~f7fcc35a2d1947f693e0732f444c406e\x64\turbojpeg.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Dropped PE file which has not been started: C:\Program Files\RepairTech\LiveAgent\app-0.0.68.15635~b3ea396ce3964d88b4b8425873431883\x86\WebRTC.Native.Internal.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Dropped PE file which has not been started: C:\Program Files\RepairTech\LiveAgent\app-0.0.66.14351~f7fcc35a2d1947f693e0732f444c406e\SyncroLive.Agent.exe Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Dropped PE file which has not been started: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\Syncro.Contracts.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Dropped PE file which has not been started: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\CSharpFunctionalExtensions.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Dropped PE file which has not been started: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\RepairTech.Common.Tools.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Dropped PE file which has not been started: C:\Program Files\RepairTech\LiveAgent\app-0.0.68.15635~b3ea396ce3964d88b4b8425873431883\ZetaLongPaths.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Dropped PE file which has not been started: C:\Program Files\RepairTech\LiveAgent\app-0.0.66.14351~f7fcc35a2d1947f693e0732f444c406e\Microsoft.Data.Edm.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Dropped PE file which has not been started: C:\Program Files\RepairTech\LiveAgent\app-0.0.68.15635~b3ea396ce3964d88b4b8425873431883\Squirrel.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Dropped PE file which has not been started: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\Syncro.App.Runner.exe Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Dropped PE file which has not been started: C:\Program Files\RepairTech\LiveAgent\app-0.0.68.15635~b3ea396ce3964d88b4b8425873431883\OpenHardwareMonitorLib.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Dropped PE file which has not been started: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\7za-x64.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Dropped PE file which has not been started: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\DeltaCompressionDotNet.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Dropped PE file which has not been started: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\Flurl.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Dropped PE file which has not been started: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\SevenZipSharp.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Dropped PE file which has not been started: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\SharpSnmpLib.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Dropped PE file which has not been started: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\Newtonsoft.Json.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Dropped PE file which has not been started: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\System.Runtime.CompilerServices.Unsafe.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Dropped PE file which has not been started: C:\Program Files\RepairTech\LiveAgent\app-0.0.66.14351~f7fcc35a2d1947f693e0732f444c406e\WebRTC.NET.SDK.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Dropped PE file which has not been started: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\JetBrains.Annotations.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Dropped PE file which has not been started: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\UrlCombineLib.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Dropped PE file which has not been started: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\Phoenix.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Dropped PE file which has not been started: C:\Program Files\RepairTech\LiveAgent\app-0.0.66.14351~f7fcc35a2d1947f693e0732f444c406e\Microsoft.Web.XmlTransform.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Dropped PE file which has not been started: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\Syncro.Service.exe Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Dropped PE file which has not been started: C:\Program Files\RepairTech\LiveAgent\app-0.0.68.15635~b3ea396ce3964d88b4b8425873431883\System.Management.Automation.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Dropped PE file which has not been started: C:\Program Files\RepairTech\LiveAgent\app-0.0.66.14351~f7fcc35a2d1947f693e0732f444c406e\OpenHardwareMonitorLib.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Dropped PE file which has not been started: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\Serilog.Sinks.Literate.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Dropped PE file which has not been started: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\Destructurama.Attributed.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Dropped PE file which has not been started: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\Autofac.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Dropped PE file which has not been started: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\Splat.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Dropped PE file which has not been started: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\FluentCommandLineParser.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Dropped PE file which has not been started: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\Telerik.Windows.Controls.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Dropped PE file which has not been started: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\System.Runtime.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Dropped PE file which has not been started: C:\Program Files\RepairTech\LiveAgent\app-0.0.68.15635~b3ea396ce3964d88b4b8425873431883\SyncroLive.WindowsInput.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Dropped PE file which has not been started: C:\Program Files\RepairTech\LiveAgent\app-0.0.66.14351~f7fcc35a2d1947f693e0732f444c406e\Cassia.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Dropped PE file which has not been started: C:\Program Files\RepairTech\LiveAgent\app-0.0.66.14351~f7fcc35a2d1947f693e0732f444c406e\System.Runtime.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Dropped PE file which has not been started: C:\Program Files\RepairTech\LiveAgent\app-0.0.66.14351~f7fcc35a2d1947f693e0732f444c406e\Serilog.Formatting.Compact.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Dropped PE file which has not been started: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\ICSharpCode.SharpZipLib.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Dropped PE file which has not been started: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\Syncro.Uninstaller.exe Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Dropped PE file which has not been started: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\Flurl.Http.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Dropped PE file which has not been started: C:\Program Files\RepairTech\LiveAgent\app-0.0.66.14351~f7fcc35a2d1947f693e0732f444c406e\RepairTech.Common.Wpf.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Dropped PE file which has not been started: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\websocket-sharp.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Dropped PE file which has not been started: C:\Program Files\RepairTech\LiveAgent\app-0.0.66.14351~f7fcc35a2d1947f693e0732f444c406e\Serilog.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Dropped PE file which has not been started: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\System.ValueTuple.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Dropped PE file which has not been started: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\Syncro.Service.Runner.exe Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Dropped PE file which has not been started: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\7za-x86.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Dropped PE file which has not been started: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\System.Security.Cryptography.Encoding.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Dropped PE file which has not been started: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\Serilog.Sinks.File.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Dropped PE file which has not been started: C:\Program Files\RepairTech\LiveAgent\app-0.0.66.14351~f7fcc35a2d1947f693e0732f444c406e\System.ValueTuple.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Dropped PE file which has not been started: C:\Program Files\RepairTech\LiveAgent\app-0.0.68.15635~b3ea396ce3964d88b4b8425873431883\Splat.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Dropped PE file which has not been started: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\System.Spatial.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Dropped PE file which has not been started: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\Serilog.Sinks.File.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Dropped PE file which has not been started: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\Splat.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Dropped PE file which has not been started: C:\Program Files\RepairTech\LiveAgent\app-0.0.66.14351~f7fcc35a2d1947f693e0732f444c406e\SyncroLive.Interface.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Dropped PE file which has not been started: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\Telerik.Windows.Controls.ConversationalUI.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Dropped PE file which has not been started: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\Syncro.Service.Runner.exe Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Dropped PE file which has not been started: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\Syncro.Tools.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Dropped PE file which has not been started: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\SharpCompress.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Dropped PE file which has not been started: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\JetBrains.Annotations.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Dropped PE file which has not been started: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\Flurl.Http.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Dropped PE file which has not been started: C:\Program Files\RepairTech\LiveAgent\app-0.0.66.14351~f7fcc35a2d1947f693e0732f444c406e\Mono.Cecil.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Dropped PE file which has not been started: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\MetroFramework.Fonts.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Dropped PE file which has not been started: C:\Program Files\RepairTech\LiveAgent\app-0.0.68.15635~b3ea396ce3964d88b4b8425873431883\WebRTC.NET.SDK.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Dropped PE file which has not been started: C:\Program Files\RepairTech\LiveAgent\app-0.0.68.15635~b3ea396ce3964d88b4b8425873431883\x64\WebRTC.Native.Internal.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Dropped PE file which has not been started: C:\Program Files\RepairTech\LiveAgent\app-0.0.68.15635~b3ea396ce3964d88b4b8425873431883\Flurl.Http.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Dropped PE file which has not been started: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\Serilog.Formatting.Compact.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Dropped PE file which has not been started: C:\Program Files\RepairTech\LiveAgent\app-0.0.68.15635~b3ea396ce3964d88b4b8425873431883\System.Runtime.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Dropped PE file which has not been started: C:\Program Files\RepairTech\LiveAgent\app-0.0.66.14351~f7fcc35a2d1947f693e0732f444c406e\Flurl.Http.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Dropped PE file which has not been started: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\Microsoft.Data.Services.Client.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Dropped PE file which has not been started: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\Syncro.App.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Dropped PE file which has not been started: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\RepairTech.Common.Wpf.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Dropped PE file which has not been started: C:\Program Files\RepairTech\LiveAgent\app-0.0.66.14351~f7fcc35a2d1947f693e0732f444c406e\JetBrains.Annotations.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Dropped PE file which has not been started: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\SevenZipSharp.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Dropped PE file which has not been started: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\Syncro.Tools.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Dropped PE file which has not been started: C:\Program Files\RepairTech\LiveAgent\app-0.0.68.15635~b3ea396ce3964d88b4b8425873431883\Interop.NetFwTypeLib.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Dropped PE file which has not been started: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\Telerik.Windows.Controls.Input.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Dropped PE file which has not been started: C:\Program Files\RepairTech\LiveAgent\app-0.0.66.14351~f7fcc35a2d1947f693e0732f444c406e\NuGet.Squirrel.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Dropped PE file which has not been started: C:\Program Files\RepairTech\LiveAgent\app-0.0.66.14351~f7fcc35a2d1947f693e0732f444c406e\SharpDX.Direct3D11.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Dropped PE file which has not been started: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\RollbarSharp.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Dropped PE file which has not been started: C:\Program Files\RepairTech\LiveAgent\app-0.0.66.14351~f7fcc35a2d1947f693e0732f444c406e\ZetaLongPaths.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Dropped PE file which has not been started: C:\Program Files\RepairTech\LiveAgent\app-0.0.66.14351~f7fcc35a2d1947f693e0732f444c406e\SyncroLive.Service.Runner.exe Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Dropped PE file which has not been started: C:\Program Files\RepairTech\LiveAgent\app-0.0.66.14351~f7fcc35a2d1947f693e0732f444c406e\SyncroLive.Service.exe Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Dropped PE file which has not been started: C:\Program Files\RepairTech\LiveAgent\app-0.0.68.15635~b3ea396ce3964d88b4b8425873431883\DeltaCompressionDotNet.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Dropped PE file which has not been started: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Dropped PE file which has not been started: C:\Program Files\RepairTech\LiveAgent\app-0.0.66.14351~f7fcc35a2d1947f693e0732f444c406e\deniszykov.WebSocketListener.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Dropped PE file which has not been started: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\Microsoft.Data.OData.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Dropped PE file which has not been started: C:\Program Files\RepairTech\LiveAgent\app-0.0.68.15635~b3ea396ce3964d88b4b8425873431883\Destructurama.Attributed.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Dropped PE file which has not been started: C:\Program Files\RepairTech\LiveAgent\app-0.0.68.15635~b3ea396ce3964d88b4b8425873431883\System.Runtime.CompilerServices.Unsafe.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Dropped PE file which has not been started: C:\Program Files\RepairTech\LiveAgent\app-0.0.68.15635~b3ea396ce3964d88b4b8425873431883\UrlCombineLib.dll Jump to dropped file
Source: C:\Program Files\RepairTech\LiveAgent\SyncroLive.Agent.Runner.exe Dropped PE file which has not been started: C:\Program Files\RepairTech\LiveAgent\app-0.0.68.15635\OpenHardwareMonitorLib.sys Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Dropped PE file which has not been started: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\Itenso.TimePeriod.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Dropped PE file which has not been started: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\Syncro.App.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Dropped PE file which has not been started: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\UrlCombineLib.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Dropped PE file which has not been started: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\Telerik.Windows.Data.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Dropped PE file which has not been started: C:\Program Files\RepairTech\LiveAgent\app-0.0.66.14351~f7fcc35a2d1947f693e0732f444c406e\Serilog.Sinks.File.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Dropped PE file which has not been started: C:\Program Files\RepairTech\LiveAgent\app-0.0.66.14351~f7fcc35a2d1947f693e0732f444c406e\Newtonsoft.Json.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Dropped PE file which has not been started: C:\Program Files\RepairTech\LiveAgent\app-0.0.68.15635~b3ea396ce3964d88b4b8425873431883\Serilog.Sinks.File.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Dropped PE file which has not been started: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\Telerik.Windows.Data.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Dropped PE file which has not been started: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\RepairTech.Common.Wpf.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Dropped PE file which has not been started: C:\Program Files\RepairTech\LiveAgent\app-0.0.66.14351~f7fcc35a2d1947f693e0732f444c406e\Splat.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Dropped PE file which has not been started: C:\Program Files\RepairTech\LiveAgent\app-0.0.66.14351~f7fcc35a2d1947f693e0732f444c406e\Microsoft.Data.OData.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Dropped PE file which has not been started: C:\Program Files\RepairTech\LiveAgent\app-0.0.68.15635~b3ea396ce3964d88b4b8425873431883\System.Numerics.Vectors.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Dropped PE file which has not been started: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\RestSharp.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Dropped PE file which has not been started: C:\Program Files\RepairTech\LiveAgent\app-0.0.66.14351~f7fcc35a2d1947f693e0732f444c406e\UrlCombineLib.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Dropped PE file which has not been started: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\Serilog.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Dropped PE file which has not been started: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\SharpSnmpLib.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Dropped PE file which has not been started: C:\Program Files\RepairTech\LiveAgent\app-0.0.66.14351~f7fcc35a2d1947f693e0732f444c406e\Destructurama.Attributed.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Dropped PE file which has not been started: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\Interop.NetFwTypeLib.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Dropped PE file which has not been started: C:\Program Files\RepairTech\LiveAgent\app-0.0.68.15635~b3ea396ce3964d88b4b8425873431883\Serilog.Formatting.Compact.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Dropped PE file which has not been started: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\7za-x64.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Dropped PE file which has not been started: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\System.Threading.Tasks.Extensions.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Dropped PE file which has not been started: C:\Program Files\RepairTech\LiveAgent\app-0.0.66.14351~f7fcc35a2d1947f693e0732f444c406e\Serilog.Sinks.Literate.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Dropped PE file which has not been started: C:\Program Files\RepairTech\LiveAgent\app-0.0.68.15635~b3ea396ce3964d88b4b8425873431883\Cassia.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Dropped PE file which has not been started: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\Syncro.Contracts.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Dropped PE file which has not been started: C:\Program Files\RepairTech\LiveAgent\app-0.0.66.14351~f7fcc35a2d1947f693e0732f444c406e\SharpCompress.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Dropped PE file which has not been started: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\System.Runtime.CompilerServices.Unsafe.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Dropped PE file which has not been started: C:\Program Files\RepairTech\LiveAgent\app-0.0.66.14351~f7fcc35a2d1947f693e0732f444c406e\System.Numerics.Vectors.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Dropped PE file which has not been started: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\Syncro.Uninstaller.exe Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Dropped PE file which has not been started: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\Serilog.Sinks.Console.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Dropped PE file which has not been started: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\Interop.IWshRuntimeLibrary.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Dropped PE file which has not been started: C:\Program Files\RepairTech\LiveAgent\app-0.0.68.15635~b3ea396ce3964d88b4b8425873431883\Microsoft.Web.XmlTransform.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Dropped PE file which has not been started: C:\Program Files\RepairTech\LiveAgent\app-0.0.68.15635~b3ea396ce3964d88b4b8425873431883\Serilog.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Dropped PE file which has not been started: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\Interop.WUApiLib.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Dropped PE file which has not been started: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\Squirrel.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Dropped PE file which has not been started: C:\Program Files\RepairTech\LiveAgent\app-0.0.68.15635~b3ea396ce3964d88b4b8425873431883\RepairTech.Common.Tools.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Dropped PE file which has not been started: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\Interop.IWshRuntimeLibrary.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Dropped PE file which has not been started: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\Flurl.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Dropped PE file which has not been started: C:\Program Files\RepairTech\LiveAgent\app-0.0.68.15635~b3ea396ce3964d88b4b8425873431883\FluentCommandLineParser.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Dropped PE file which has not been started: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\Autofac.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Dropped PE file which has not been started: C:\Program Files\RepairTech\LiveAgent\app-0.0.66.14351~f7fcc35a2d1947f693e0732f444c406e\x86\WebRTC.Native.Internal.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Dropped PE file which has not been started: C:\Program Files\RepairTech\LiveAgent\app-0.0.68.15635~b3ea396ce3964d88b4b8425873431883\NuGet.Squirrel.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Dropped PE file which has not been started: C:\Program Files\RepairTech\LiveAgent\app-0.0.66.14351~f7fcc35a2d1947f693e0732f444c406e\x64\WebRTC.Native.Internal.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Dropped PE file which has not been started: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\MetroFramework.Fonts.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Dropped PE file which has not been started: C:\Program Files\RepairTech\LiveAgent\app-0.0.66.14351~f7fcc35a2d1947f693e0732f444c406e\System.Spatial.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Dropped PE file which has not been started: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\Phoenix.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Dropped PE file which has not been started: C:\Program Files\RepairTech\Syncro\app-1.0.182.15915~47589abca4a94d61b03f0bb13cc3604c\Telerik.Windows.Controls.Navigation.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Dropped PE file which has not been started: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\NuGet.Squirrel.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Dropped PE file which has not been started: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\Interop.NetFwTypeLib.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Dropped PE file which has not been started: C:\Program Files\RepairTech\LiveAgent\app-0.0.68.15635~b3ea396ce3964d88b4b8425873431883\RollbarSharp.dll Jump to dropped file
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Dropped PE file which has not been started: C:\Program Files\RepairTech\LiveAgent\app-0.0.66.14351~f7fcc35a2d1947f693e0732f444c406e\SharpDX.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Dropped PE file which has not been started: C:\Program Files\RepairTech\Syncro\Update.exe Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Dropped PE file which has not been started: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\7za-x86.dll Jump to dropped file
Is looking for software installed on the system
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Registry key enumerated: More than 409 enums for key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
May sleep (evasive loops) to hinder dynamic analysis
Source: C:\Users\user\Desktop\INVOICE31401001340.exe TID: 716 Thread sleep time: -922337203685477s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe TID: 1656 Thread sleep time: -9223372036854770s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe TID: 1656 Thread sleep time: -30000s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe TID: 1656 Thread sleep time: -600000s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe TID: 1656 Thread sleep time: -599888s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe TID: 1656 Thread sleep time: -599781s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe TID: 1656 Thread sleep time: -599672s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe TID: 1656 Thread sleep time: -599562s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe TID: 1656 Thread sleep time: -599453s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe TID: 1656 Thread sleep time: -599344s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe TID: 1656 Thread sleep time: -599234s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe TID: 1656 Thread sleep time: -599117s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe TID: 1656 Thread sleep time: -599015s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe TID: 1656 Thread sleep time: -598906s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe TID: 1656 Thread sleep time: -598797s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe TID: 1656 Thread sleep time: -598687s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe TID: 1656 Thread sleep time: -598578s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe TID: 1656 Thread sleep time: -598469s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe TID: 1656 Thread sleep time: -598344s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe TID: 1656 Thread sleep time: -598231s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe TID: 1656 Thread sleep time: -598117s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe TID: 1656 Thread sleep time: -598000s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe TID: 1656 Thread sleep time: -597890s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe TID: 1656 Thread sleep time: -597781s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe TID: 1656 Thread sleep time: -597672s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe TID: 1656 Thread sleep time: -597562s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe TID: 1656 Thread sleep time: -597453s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe TID: 1656 Thread sleep time: -597344s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe TID: 1656 Thread sleep time: -597234s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe TID: 1656 Thread sleep time: -597118s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe TID: 1656 Thread sleep time: -597015s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe TID: 1656 Thread sleep time: -596906s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe TID: 1656 Thread sleep time: -596796s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe TID: 1656 Thread sleep time: -596687s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe TID: 1656 Thread sleep time: -596578s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe TID: 1656 Thread sleep time: -596468s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe TID: 1656 Thread sleep time: -596359s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe TID: 1656 Thread sleep time: -596250s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe TID: 1656 Thread sleep time: -596139s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe TID: 1656 Thread sleep time: -596027s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe TID: 1656 Thread sleep time: -595922s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe TID: 1656 Thread sleep time: -595804s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe TID: 1656 Thread sleep time: -595687s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe TID: 1656 Thread sleep time: -595578s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe TID: 1656 Thread sleep time: -595451s >= -30000s Jump to behavior
Source: C:\Windows\System32\svchost.exe TID: 3892 Thread sleep time: -30000s >= -30000s Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\InstallUtil.exe TID: 5776 Thread sleep time: -922337203685477s >= -30000s Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe TID: 3392 Thread sleep count: 3712 > 30 Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe TID: 3392 Thread sleep count: 5359 > 30 Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe TID: 4060 Thread sleep time: -16602069666338586s >= -30000s Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe TID: 4060 Thread sleep time: -60000s >= -30000s Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe TID: 4060 Thread sleep time: -59875s >= -30000s Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe TID: 4060 Thread sleep time: -59765s >= -30000s Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe TID: 4060 Thread sleep time: -59657s >= -30000s Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe TID: 4060 Thread sleep time: -59545s >= -30000s Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe TID: 4060 Thread sleep time: -59422s >= -30000s Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe TID: 4060 Thread sleep time: -59313s >= -30000s Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe TID: 4060 Thread sleep time: -59188s >= -30000s Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe TID: 4060 Thread sleep time: -59076s >= -30000s Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe TID: 4060 Thread sleep time: -58954s >= -30000s Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe TID: 4060 Thread sleep time: -58829s >= -30000s Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe TID: 4060 Thread sleep time: -58704s >= -30000s Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe TID: 4060 Thread sleep time: -58592s >= -30000s Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe TID: 4060 Thread sleep time: -58476s >= -30000s Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe TID: 4060 Thread sleep time: -58337s >= -30000s Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe TID: 4060 Thread sleep time: -58234s >= -30000s Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe TID: 4060 Thread sleep time: -58124s >= -30000s Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe TID: 4060 Thread sleep time: -58002s >= -30000s Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe TID: 4060 Thread sleep time: -57875s >= -30000s Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe TID: 4060 Thread sleep time: -57766s >= -30000s Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe TID: 4060 Thread sleep time: -57655s >= -30000s Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe TID: 4060 Thread sleep time: -57516s >= -30000s Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe TID: 4060 Thread sleep time: -57402s >= -30000s Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe TID: 4060 Thread sleep time: -57295s >= -30000s Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe TID: 4060 Thread sleep time: -57172s >= -30000s Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe TID: 4060 Thread sleep time: -57063s >= -30000s Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe TID: 4060 Thread sleep time: -56938s >= -30000s Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe TID: 4060 Thread sleep time: -56828s >= -30000s Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe TID: 4060 Thread sleep time: -56716s >= -30000s Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe TID: 4060 Thread sleep time: -56609s >= -30000s Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe TID: 4060 Thread sleep time: -56469s >= -30000s Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe TID: 4060 Thread sleep time: -56340s >= -30000s Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe TID: 4060 Thread sleep time: -56171s >= -30000s Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe TID: 4060 Thread sleep time: -56061s >= -30000s Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe TID: 4060 Thread sleep time: -55940s >= -30000s Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe TID: 4060 Thread sleep time: -55826s >= -30000s Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe TID: 4060 Thread sleep time: -55713s >= -30000s Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe TID: 4060 Thread sleep time: -55586s >= -30000s Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe TID: 4060 Thread sleep time: -55511s >= -30000s Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe TID: 4060 Thread sleep time: -55402s >= -30000s Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe TID: 4060 Thread sleep time: -55262s >= -30000s Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe TID: 4060 Thread sleep time: -55152s >= -30000s Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe TID: 4060 Thread sleep time: -55030s >= -30000s Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe TID: 4060 Thread sleep time: -54898s >= -30000s Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe TID: 4060 Thread sleep time: -54777s >= -30000s Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe TID: 4060 Thread sleep time: -54654s >= -30000s Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe TID: 4060 Thread sleep time: -54539s >= -30000s Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe TID: 4060 Thread sleep time: -54437s >= -30000s Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe TID: 2748 Thread sleep time: -29514790517935264s >= -30000s
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe TID: 6040 Thread sleep time: -922337203685477s >= -30000s
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe TID: 5356 Thread sleep count: 1593 > 30
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe TID: 5356 Thread sleep count: 7719 > 30
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe TID: 3540 Thread sleep time: -26747778906878833s >= -30000s
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe TID: 3540 Thread sleep time: -1800000s >= -30000s
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe TID: 3540 Thread sleep time: -1799860s >= -30000s
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe TID: 3540 Thread sleep time: -1799735s >= -30000s
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe TID: 3540 Thread sleep time: -100000s >= -30000s
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe TID: 3540 Thread sleep time: -99875s >= -30000s
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe TID: 3540 Thread sleep time: -99766s >= -30000s
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe TID: 3540 Thread sleep time: -99641s >= -30000s
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe TID: 3540 Thread sleep time: -99515s >= -30000s
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe TID: 3540 Thread sleep time: -99406s >= -30000s
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe TID: 3540 Thread sleep time: -99297s >= -30000s
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe TID: 3540 Thread sleep time: -99188s >= -30000s
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe TID: 3540 Thread sleep time: -1798750s >= -30000s
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe TID: 3540 Thread sleep time: -60000s >= -30000s
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe TID: 3540 Thread sleep time: -59875s >= -30000s
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe TID: 3540 Thread sleep time: -59766s >= -30000s
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe TID: 3540 Thread sleep time: -59641s >= -30000s
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe TID: 3540 Thread sleep time: -59532s >= -30000s
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe TID: 3540 Thread sleep time: -59407s >= -30000s
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe TID: 3540 Thread sleep time: -59297s >= -30000s
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe TID: 3540 Thread sleep time: -59188s >= -30000s
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe TID: 3540 Thread sleep time: -59063s >= -30000s
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe TID: 3540 Thread sleep time: -58938s >= -30000s
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe TID: 3540 Thread sleep time: -58813s >= -30000s
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe TID: 3540 Thread sleep time: -58688s >= -30000s
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe TID: 3540 Thread sleep time: -58578s >= -30000s
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe TID: 3540 Thread sleep time: -58452s >= -30000s
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe TID: 3540 Thread sleep time: -58344s >= -30000s
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe TID: 3540 Thread sleep time: -58235s >= -30000s
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe TID: 3540 Thread sleep time: -58125s >= -30000s
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe TID: 3540 Thread sleep time: -58016s >= -30000s
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe TID: 3540 Thread sleep time: -57891s >= -30000s
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe TID: 3540 Thread sleep time: -57766s >= -30000s
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe TID: 3540 Thread sleep time: -57657s >= -30000s
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe TID: 3540 Thread sleep time: -57532s >= -30000s
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe TID: 3540 Thread sleep time: -57407s >= -30000s
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe TID: 3540 Thread sleep time: -57297s >= -30000s
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe TID: 3540 Thread sleep time: -57188s >= -30000s
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe TID: 3540 Thread sleep time: -57063s >= -30000s
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe TID: 3540 Thread sleep time: -56938s >= -30000s
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe TID: 3540 Thread sleep time: -56813s >= -30000s
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe TID: 3540 Thread sleep time: -56688s >= -30000s
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe TID: 3540 Thread sleep time: -56578s >= -30000s
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe TID: 3540 Thread sleep time: -56468s >= -30000s
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe TID: 3540 Thread sleep time: -56360s >= -30000s
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe TID: 3540 Thread sleep time: -56250s >= -30000s
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe TID: 3540 Thread sleep time: -56141s >= -30000s
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe TID: 3540 Thread sleep time: -56016s >= -30000s
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe TID: 2680 Thread sleep time: -26747778906878833s >= -30000s
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe TID: 2988 Thread sleep time: -30437127721620741s >= -30000s
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe TID: 6200 Thread sleep time: -26747778906878833s >= -30000s
Source: C:\Program Files\RepairTech\LiveAgent\SyncroLive.Service.Runner.exe TID: 5840 Thread sleep count: 3879 > 30
Source: C:\Program Files\RepairTech\LiveAgent\SyncroLive.Service.Runner.exe TID: 3184 Thread sleep time: -12912720851596678s >= -30000s
Source: C:\Program Files\RepairTech\LiveAgent\SyncroLive.Service.Runner.exe TID: 3184 Thread sleep time: -301372s >= -30000s
Source: C:\Program Files\RepairTech\LiveAgent\SyncroLive.Service.Runner.exe TID: 3184 Thread sleep time: -301238s >= -30000s
Source: C:\Program Files\RepairTech\LiveAgent\SyncroLive.Service.Runner.exe TID: 3184 Thread sleep time: -301112s >= -30000s
Source: C:\Program Files\RepairTech\LiveAgent\SyncroLive.Service.Runner.exe TID: 3184 Thread sleep time: -300987s >= -30000s
Source: C:\Program Files\RepairTech\LiveAgent\SyncroLive.Service.Runner.exe TID: 3184 Thread sleep time: -300403s >= -30000s
Source: C:\Program Files\RepairTech\LiveAgent\SyncroLive.Service.Runner.exe TID: 3184 Thread sleep time: -297418s >= -30000s
Source: C:\Program Files\RepairTech\LiveAgent\SyncroLive.Service.Runner.exe TID: 3184 Thread sleep time: -296372s >= -30000s
Source: C:\Program Files\RepairTech\LiveAgent\SyncroLive.Service.Runner.exe TID: 5824 Thread sleep count: 289 > 30
Source: C:\Program Files\RepairTech\LiveAgent\SyncroLive.Service.Runner.exe TID: 3184 Thread sleep time: -295340s >= -30000s
Source: C:\Program Files\RepairTech\LiveAgent\SyncroLive.Agent.Runner.exe TID: 4600 Thread sleep time: -1844674407370954s >= -30000s
Source: C:\Program Files\RepairTech\LiveAgent\SyncroLive.Agent.Runner.exe TID: 4600 Thread sleep time: -30000s >= -30000s
Source: C:\Program Files\RepairTech\LiveAgent\SyncroLive.Agent.Runner.exe TID: 5156 Thread sleep time: -2767011611056431s >= -30000s
Source: C:\Program Files\RepairTech\LiveAgent\SyncroLive.Agent.Runner.exe TID: 5156 Thread sleep time: -922337203685477s >= -30000s
Queries disk information (often used to detect virtual machines)
Source: C:\Windows\System32\svchost.exe File opened: PhysicalDrive0 Jump to behavior
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_BaseBoard
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_Bios
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_Bios
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_BaseBoard
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_Bios
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_Bios
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_BaseBoard
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_Bios
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_Bios
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_BaseBoard
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_Bios
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_Bios
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_BaseBoard
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_Bios
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_Bios
Source: C:\Program Files\RepairTech\LiveAgent\SyncroLive.Agent.Runner.exe WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_BaseBoard
Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_ComputerSystem
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_ComputerSystem
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_ComputerSystem
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_ComputerSystem
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_ComputerSystem
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_Processor
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_Processor
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_Processor
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_Processor
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_Processor
Source: C:\Program Files\RepairTech\LiveAgent\SyncroLive.Agent.Runner.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_Processor
Sample execution stops while process was sleeping (likely an evasion)
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Last function: Thread delayed
Source: C:\Program Files\RepairTech\LiveAgent\SyncroLive.Service.Runner.exe Last function: Thread delayed
Source: C:\Program Files\RepairTech\LiveAgent\SyncroLive.Agent.Runner.exe Last function: Thread delayed
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe File Volume queried: C:\ FullSizeInformation Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe File Volume queried: C:\ FullSizeInformation Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe File Volume queried: C:\ FullSizeInformation Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe File Volume queried: C:\ FullSizeInformation Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe File Volume queried: C:\ FullSizeInformation Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe File Volume queried: C:\ FullSizeInformation Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe File Volume queried: C:\ FullSizeInformation Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe File Volume queried: C:\ FullSizeInformation Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe File Volume queried: C:\ FullSizeInformation Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe File Volume queried: C:\ FullSizeInformation Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe File Volume queried: C:\ FullSizeInformation Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe File Volume queried: C:\ FullSizeInformation Jump to behavior
Source: C:\Program Files\RepairTech\LiveAgent\SyncroLive.Agent.Runner.exe File Volume queried: C:\ FullSizeInformation
Source: C:\Program Files\RepairTech\LiveAgent\SyncroLive.Agent.Runner.exe File Volume queried: C:\ FullSizeInformation
Source: C:\Program Files\RepairTech\LiveAgent\SyncroLive.Agent.Runner.exe File Volume queried: \Device\CdRom0\ FullSizeInformation
Source: C:\Program Files\RepairTech\LiveAgent\SyncroLive.Agent.Runner.exe File Volume queried: \Device\CdRom0\ FullSizeInformation
Source: C:\Program Files\RepairTech\LiveAgent\SyncroLive.Agent.Runner.exe File Volume queried: C:\ FullSizeInformation
Source: C:\Program Files\RepairTech\LiveAgent\SyncroLive.Agent.Runner.exe File Volume queried: C:\ FullSizeInformation
Source: C:\Program Files\RepairTech\LiveAgent\SyncroLive.Agent.Runner.exe File Volume queried: \Device\CdRom0\ FullSizeInformation
Source: C:\Program Files\RepairTech\LiveAgent\SyncroLive.Agent.Runner.exe File Volume queried: \Device\CdRom0\ FullSizeInformation
Source: C:\Users\user\Desktop\INVOICE31401001340.exe Thread delayed: delay time: 922337203685477 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Thread delayed: delay time: 922337203685477 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Thread delayed: delay time: 30000 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Thread delayed: delay time: 600000 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Thread delayed: delay time: 599888 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Thread delayed: delay time: 599781 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Thread delayed: delay time: 599672 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Thread delayed: delay time: 599562 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Thread delayed: delay time: 599453 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Thread delayed: delay time: 599344 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Thread delayed: delay time: 599234 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Thread delayed: delay time: 599117 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Thread delayed: delay time: 599015 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Thread delayed: delay time: 598906 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Thread delayed: delay time: 598797 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Thread delayed: delay time: 598687 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Thread delayed: delay time: 598578 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Thread delayed: delay time: 598469 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Thread delayed: delay time: 598344 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Thread delayed: delay time: 598231 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Thread delayed: delay time: 598117 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Thread delayed: delay time: 598000 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Thread delayed: delay time: 597890 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Thread delayed: delay time: 597781 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Thread delayed: delay time: 597672 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Thread delayed: delay time: 597562 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Thread delayed: delay time: 597453 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Thread delayed: delay time: 597344 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Thread delayed: delay time: 597234 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Thread delayed: delay time: 597118 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Thread delayed: delay time: 597015 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Thread delayed: delay time: 596906 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Thread delayed: delay time: 596796 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Thread delayed: delay time: 596687 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Thread delayed: delay time: 596578 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Thread delayed: delay time: 596468 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Thread delayed: delay time: 596359 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Thread delayed: delay time: 596250 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Thread delayed: delay time: 596139 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Thread delayed: delay time: 596027 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Thread delayed: delay time: 595922 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Thread delayed: delay time: 595804 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Thread delayed: delay time: 595687 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Thread delayed: delay time: 595578 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Thread delayed: delay time: 595451 Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\InstallUtil.exe Thread delayed: delay time: 922337203685477 Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Thread delayed: delay time: 922337203685477 Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Thread delayed: delay time: 60000 Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Thread delayed: delay time: 59875 Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Thread delayed: delay time: 59765 Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Thread delayed: delay time: 59657 Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Thread delayed: delay time: 59545 Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Thread delayed: delay time: 59422 Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Thread delayed: delay time: 59313 Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Thread delayed: delay time: 59188 Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Thread delayed: delay time: 59076 Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Thread delayed: delay time: 58954 Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Thread delayed: delay time: 58829 Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Thread delayed: delay time: 58704 Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Thread delayed: delay time: 58592 Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Thread delayed: delay time: 58476 Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Thread delayed: delay time: 58337 Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Thread delayed: delay time: 58234 Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Thread delayed: delay time: 58124 Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Thread delayed: delay time: 58002 Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Thread delayed: delay time: 57875 Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Thread delayed: delay time: 57766 Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Thread delayed: delay time: 57655 Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Thread delayed: delay time: 57516 Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Thread delayed: delay time: 57402 Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Thread delayed: delay time: 57295 Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Thread delayed: delay time: 57172 Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Thread delayed: delay time: 57063 Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Thread delayed: delay time: 56938 Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Thread delayed: delay time: 56828 Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Thread delayed: delay time: 56716 Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Thread delayed: delay time: 56609 Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Thread delayed: delay time: 56469 Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Thread delayed: delay time: 56340 Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Thread delayed: delay time: 56171 Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Thread delayed: delay time: 56061 Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Thread delayed: delay time: 55940 Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Thread delayed: delay time: 55826 Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Thread delayed: delay time: 55713 Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Thread delayed: delay time: 55586 Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Thread delayed: delay time: 55511 Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Thread delayed: delay time: 55402 Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Thread delayed: delay time: 55262 Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Thread delayed: delay time: 55152 Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Thread delayed: delay time: 55030 Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Thread delayed: delay time: 54898 Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Thread delayed: delay time: 54777 Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Thread delayed: delay time: 54654 Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Thread delayed: delay time: 54539 Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Thread delayed: delay time: 54437 Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Thread delayed: delay time: 922337203685477
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Thread delayed: delay time: 922337203685477
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Thread delayed: delay time: 922337203685477
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Thread delayed: delay time: 1800000
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Thread delayed: delay time: 1799860
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Thread delayed: delay time: 1799735
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Thread delayed: delay time: 100000
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Thread delayed: delay time: 99875
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Thread delayed: delay time: 99766
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Thread delayed: delay time: 99641
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Thread delayed: delay time: 99515
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Thread delayed: delay time: 99406
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Thread delayed: delay time: 99297
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Thread delayed: delay time: 99188
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Thread delayed: delay time: 1798750
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Thread delayed: delay time: 60000
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Thread delayed: delay time: 59875
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Thread delayed: delay time: 59766
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Thread delayed: delay time: 59641
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Thread delayed: delay time: 59532
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Thread delayed: delay time: 59407
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Thread delayed: delay time: 59297
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Thread delayed: delay time: 59188
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Thread delayed: delay time: 59063
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Thread delayed: delay time: 58938
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Thread delayed: delay time: 58813
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Thread delayed: delay time: 58688
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Thread delayed: delay time: 58578
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Thread delayed: delay time: 58452
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Thread delayed: delay time: 58344
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Thread delayed: delay time: 58235
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Thread delayed: delay time: 58125
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Thread delayed: delay time: 58016
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Thread delayed: delay time: 57891
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Thread delayed: delay time: 57766
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Thread delayed: delay time: 57657
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Thread delayed: delay time: 57532
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Thread delayed: delay time: 57407
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Thread delayed: delay time: 57297
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Thread delayed: delay time: 57188
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Thread delayed: delay time: 57063
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Thread delayed: delay time: 56938
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Thread delayed: delay time: 56813
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Thread delayed: delay time: 56688
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Thread delayed: delay time: 56578
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Thread delayed: delay time: 56468
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Thread delayed: delay time: 56360
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Thread delayed: delay time: 56250
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Thread delayed: delay time: 56141
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Thread delayed: delay time: 56016
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Thread delayed: delay time: 922337203685477
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Thread delayed: delay time: 922337203685477
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Thread delayed: delay time: 922337203685477
Source: C:\Program Files\RepairTech\LiveAgent\SyncroLive.Service.Runner.exe Thread delayed: delay time: 922337203685477
Source: C:\Program Files\RepairTech\LiveAgent\SyncroLive.Service.Runner.exe Thread delayed: delay time: 301372
Source: C:\Program Files\RepairTech\LiveAgent\SyncroLive.Service.Runner.exe Thread delayed: delay time: 301238
Source: C:\Program Files\RepairTech\LiveAgent\SyncroLive.Service.Runner.exe Thread delayed: delay time: 301112
Source: C:\Program Files\RepairTech\LiveAgent\SyncroLive.Service.Runner.exe Thread delayed: delay time: 300987
Source: C:\Program Files\RepairTech\LiveAgent\SyncroLive.Service.Runner.exe Thread delayed: delay time: 300403
Source: C:\Program Files\RepairTech\LiveAgent\SyncroLive.Service.Runner.exe Thread delayed: delay time: 297418
Source: C:\Program Files\RepairTech\LiveAgent\SyncroLive.Service.Runner.exe Thread delayed: delay time: 296372
Source: C:\Program Files\RepairTech\LiveAgent\SyncroLive.Service.Runner.exe Thread delayed: delay time: 295340
Source: C:\Program Files\RepairTech\LiveAgent\SyncroLive.Agent.Runner.exe Thread delayed: delay time: 922337203685477
Source: C:\Program Files\RepairTech\LiveAgent\SyncroLive.Agent.Runner.exe Thread delayed: delay time: 30000
Source: C:\Program Files\RepairTech\LiveAgent\SyncroLive.Agent.Runner.exe Thread delayed: delay time: 922337203685477
Source: C:\Program Files\RepairTech\LiveAgent\SyncroLive.Agent.Runner.exe Thread delayed: delay time: 922337203685477
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe File opened: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\7za-x64.dll Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe File opened: C:\Program Files\RepairTech\Syncro Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe File opened: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\NULL Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe File opened: C:\Program Files\RepairTech\NULL Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe File opened: C:\Program Files\RepairTech\Syncro\NULL Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe File opened: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910 Jump to behavior
Source: Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A62159000.00000004.00000800.00020000.00000000.sdmp, Syncro.Overmind.Service.exe, 0000000E.00000002.2464315427.0000017206661000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Hyper-V Data Exchange Service0
Source: SyncroLive.Agent.Runner.exe, 0000001D.00000002.3576854914.00000229001CA000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: $Hyper-V Hypervisor Logical Processor
Source: Syncro.Service.Runner.exe, 00000009.00000002.3451407992.0000022A716CA000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 2024-03-18 19:47:02.748 +01:00 [DBG] v1.0.181 [4cc.b18.005]: ForceSync: SendSystemInformation: [0063f78e] API <- PUT "https://rmm.syncromsp.com/device_api/device" {"uuid":"08bc108c-6328-49e2-9e11-d1871af9471c","information":{"general":{"name":"user-PC","manufacturer":"EXWv7SBawvUzR2w","model":"3RpZPopO","serial_number":"8X4MB89SN6","form_factor":"desktop","domain":""},"os":{"name":"Microsoft Windows 10 Pro","build":"19045.2006","last_boot_time":"2024-03-18T15:19:01Z","os_architecture":"64-bit","pending_reboot":false,"windows_release_version":"22H2"},"motherboard":{"name":"Base Board","manufacturer":"XW6V54NV1K"},"cpu":[{"manufacturer":"GenuineIntel","name":"Intel(R) Core(TM)2 CPU 6600 @ 2.40 GHz"},{"manufacturer":"GenuineIntel","name":"Intel(R) Core(TM)2 CPU 6600 @ 2.40 GHz"}],"ram":[{"manufacturer":"VMware Virtual RAM","size":"4 GB"}],"ram_gb":4,"hdd":[{"manufacturer":"NVXHP67W SCSI Disk Device","size":"383.98 GB"}],"video_card":[{"name":"NMHT399B"}],"network_adapters":[{"name":"Ethernet0","description":"Intel(R) 82574L Gigabit Network Connection","type":"ethernet","status":"up","ipv4":"192.168.2.6","ipv6":"fe80::1480:15d6:10aa:6464%14","subnet":"255.255.255.0","gateway":"192.168.2.1","dns1":"1.1.1.1","dns2":"","dhcp_server":"","physical_address":"EC-F4-BB-2D-24-96","lease_obtained":"","lease_expires":"","dhcp_enabled":false,"autoconfiguration_enabled":true,"is_primary":true}],"needs_reboot":false,"av":[{"version":"No version","name":"Windows Defender","machine_id":null,"instance_id":null}],"last_user":"user-PC\\user","system_partition":{"size_gb":"208","free_gb":"18","free_percent":9},"fixed_disks_total":{"size_gb":"208","free_gb":"18","free_percent":9},"primary_adapter":{"name":"Ethernet0","description":"Intel(R) 82574L Gigabit Network Connection","type":"ethernet","status":"up","ipv4":"192.168.2.6","ipv6":"fe80::1480:15d6:10aa:6464%14","subnet":"255.255.255.0","gateway":"192.168.2.1","dns1":"1.1.1.1","dns2":"","dhcp_server":"","physical_address":"EC-F4-BB-2D-24-96","lease_obtained":"","lease_expires":"","dhcp_enabled":false,"autoconfiguration_enabled":true,"is_primary":true},"install_dates":{"os_install":"2023...
Source: Syncro.Overmind.Service.exe, 00000011.00000002.3594084272.0000023C0F567000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: !Hyper-V PowerShell Direct Service@0
Source: SyncroLive.Agent.Runner.exe, 0000001D.00000002.3576854914.000002290027E000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: lC:/Windows\WinSxS\amd64_microsoft-hyper-v-pvhd-parser_31bf3856ad364e35_10.0.19041.1645_none_fe1307608fa06d8c
Source: Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A62220000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 2024-03-18 18:13:03.424 +01:00 [DBG] v1.0.181 [4cc.b18.005]: LargeSync: SendSystemInformation: [02f39f9b] API <- PUT "https://rmm.syncromsp.com/device_api/device" {"uuid":"08bc108c-6328-49e2-9e11-d1871af9471c","information":{"general":{"name":"user-PC","manufacturer":"EXWv7SBawvUzR2w","model":"3RpZPopO","serial_number":"8X4MB89SN6","form_factor":"desktop","domain":""},"os":{"name":"Microsoft Windows 10 Pro","build":"19045.2006","last_boot_time":"2024-03-18T15:16:23Z","os_architecture":"64-bit","pending_reboot":false,"windows_release_version":"22H2"},"motherboard":{"name":"Base Board","manufacturer":"XW6V54NV1K"},"cpu":[{"manufacturer":"GenuineIntel","name":"Intel(R) Core(TM)2 CPU 6600 @ 2.40 GHz"},{"manufacturer":"GenuineIntel","name":"Intel(R) Core(TM)2 CPU 6600 @ 2.40 GHz"}],"ram":[{"manufacturer":"VMware Virtual RAM","size":"4 GB"}],"ram_gb":4,"hdd":[{"manufacturer":"NVXHP67W SCSI Disk Device","size":"383.98 GB"}],"video_card":[{"name":"NMHT399B"}],"network_adapters":[{"name":"Ethernet0","description":"Intel(R) 82574L Gigabit Network Connection","type":"ethernet","status":"up","ipv4":"192.168.2.6","ipv6":"fe80::1480:15d6:10aa:6464%14","subnet":"255.255.255.0","gateway":"192.168.2.1","dns1":"1.1.1.1","dns2":"","dhcp_server":"","physical_address":"EC-F4-BB-2D-24-96","lease_obtained":"","lease_expires":"","dhcp_enabled":false,"autoconfiguration_enabled":true,"is_primary":true}],"needs_reboot":false,"av":[{"version":"No version","name":"Windows Defender","machine_id":null,"instance_id":null}],"last_user":"user-PC\\user","system_partition":{"size_gb":"208","free_gb":"18","free_percent":9},"fixed_disks_total":{"size_gb":"208","free_gb":"18","free_percent":9},"primary_adapter":{"name":"Ethernet0","description":"Intel(R) 82574L Gigabit Network Connection","type":"ethernet","status":"up","ipv4":"192.168.2.6","ipv6":"fe80::1480:15d6:10aa:6464%14","subnet":"255.255.255.0","gateway":"192.168.2.1","dns1":"1.1.1.1","dns2":"","dhcp_server":"","physical_address":"EC-F4-BB-2D-24-96","lease_obtained":"","lease_expires":"","dhcp_enabled":false,"autoconfiguration_enabled":true,"is_primary":true},"install_dates":{"os_install":"2023...
Source: svchost.exe, 00000013.00000002.3564517937.00000156F00D5000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: VMware.@
Source: SyncroLive.Agent.Runner.exe, 0000001D.00000002.3576854914.000002290027E000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: tC:/Windows\WinSxS\amd64_microsoft-hyper-v-v..failoverreplication_31bf3856ad364e35_10.0.19041.1_none_50b60ffc14c70fb2
Source: SyncroLive.Agent.Runner.exe, 0000001D.00000002.3576854914.000002290027E000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: tC:/Windows\WinSxS\amd64_microsoft-hyper-v-vstack-vmwp.resources_31bf3856ad364e35_10.0.19041.1_en-us_369e8b635061fdb3
Source: SyncroLive.Agent.Runner.exe, 0000001D.00000002.3576854914.000002290027E000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: uC:/Windows\WinSxS\amd64_microsoft-hyper-v-vstack-debug.resources_31bf3856ad364e35_10.0.19041.1_en-us_5ee8ada67d246bda
Source: SyncroLive.Agent.Runner.exe, 0000001D.00000002.3576854914.00000229001CA000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: *Hyper-V Dynamic Memory Integration Service
Source: Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A61ECB000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 2024-03-23 06:38:22.104 +01:00 [DBG] v1.0.181 [4cc.b18.005]: LargeSync: MSFT_PhysicalDisk: {"DeviceID":"0","Manufacturer":"VMware","Model":"Virtual disk","PartNumber":null,"SerialNumber":"6000c29c2bea38880a8a16ee9f37bec9","SoftwareVersion":null,"BusType":"SAS","MediaType":"SSD"}
Source: SyncroLive.Agent.Runner.exe, 0000001D.00000002.3576854914.000002290027E000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: uC:/Windows\WinSxS\amd64_microsoft-hyper-v-v..nthfcvdev.resources_31bf3856ad364e35_10.0.19041.1_en-us_6ca4b4247e291981
Source: SyncroLive.Agent.Runner.exe, 0000001D.00000002.3576854914.000002290027E000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: oC:/Windows\WinSxS\amd64_microsoft-windows-hyper-v-vfpext_31bf3856ad364e35_10.0.19041.1741_none_7543ca68a11c7040
Source: SyncroLive.Agent.Runner.exe, 0000001D.00000002.3576854914.000002290027E000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: tC:/Windows\WinSxS\amd64_microsoft-hyper-v-h..rvisor-host-service_31bf3856ad364e35_10.0.19041.1_none_2246f2e6f0441379
Source: Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A62220000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 2024-03-18 19:48:27.987 +01:00 [DBG] v1.0.181 [4cc.b18.005]: ForceSync: MSFT_PhysicalDisk: {"DeviceID":"0","Manufacturer":"VMware","Model":"Virtual disk","PartNumber":null,"SerialNumber":"6000c29c2bea38880a8a16ee9f37bec9","SoftwareVersion":null,"BusType":"SAS","MediaType":"SSD"}
Source: SyncroLive.Agent.Runner.exe, 0000001D.00000002.3576854914.000002290027E000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: mC:/Windows\WinSxS\amd64_microsoft-hyper-v-vstack-debug_31bf3856ad364e35_10.0.19041.1741_none_78a9b11b7a3cc41b
Source: svchost.exe, 00000013.00000003.3086463510.00000156F0544000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: VMware Virtual disk
Source: SyncroLive.Agent.Runner.exe, 0000001D.00000002.3576854914.00000229001CA000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Hyper-V VM Vid Partition
Source: svchost.exe, 00000003.00000002.3570749225.0000015AB962B000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW`
Source: SyncroLive.Agent.Runner.exe, 0000001D.00000002.3576854914.000002290027E000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: uC:/Windows\WinSxS\amd64_microsoft-hyper-v-d..-netsetup.resources_31bf3856ad364e35_10.0.19041.1_en-us_299ac5951a49c2de
Source: Syncro.Overmind.Service.exe, 00000011.00000002.3594084272.0000023C0F567000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: -Hyper-V Remote Desktop Virtualization Service@0
Source: Syncro.Service.Runner.exe, 00000009.00000002.3451407992.0000022A71797000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: (Intel(R) Core(TM)2 CPU 6600 @ 2.40 GHz"}],"ram":[{"manufacturer":"VMware Virtual RAM","size":"4 GB"}],"ram_gb":4,"hdd":[{"manufacturer":"NVXHP67W SCSI Disk Device","size":"383.98 GB"}],"video_card":[{"name":"NMHT399B"}],"network_adapters":[{"name":"Ethernet0","description":"Intel(R) 82574L Gigabit Network Connection","type":"ethernet","status":"up","ipv4":"192.168.2.6","ipv6":"fe80::1480:15d6:10aa:6464%14","subnet":"255.255.255.0","gateway":"192.168.2.1","dns1":"1.1.1.1","dns2":"","dhcp_server":"","physical_address":"EC-F4-BB-2D-24-96","lease_obtained":"","lease_expires":"","dhcp_enabled":false,"autoconfiguration_enabled":true,"is_primary":true}],"needs_reboot":false,"av":[{"version":"No version","name":"Windows Defender","machine_id":null,"instance_id":null}],"last_user":"user-PC\\user","system_partition":{"size_gb":"208","free_gb":"18","free_percent":9},"fixed_disks_total":{"size_gb":"208","free_gb":"18","free_percent":9},"primary_adapter":{"name":"Ethernet0","description":"Intel(R) 82574L Gigabit Network Connection","type":"ethernet","status":"up","ipv4":"192.168.2.6","ipv6":"fe80::1480:15d6:10aa:6464%14","subnet":"255.255.255.0","gateway":"192.168.2.1","dns1":"1.1.1.1","dns2":"","dhcp_server":"","physical_address":"EC-F4-BB-2D-24-96","lease_obtained":"","lease_expires":"","dhcp_enabled":false,"autoconfiguration_enabled":true,"is_primary":true},"install_dates":{"os_install":"2023...
Source: SyncroLive.Agent.Runner.exe, 0000001D.00000002.3576854914.000002290027E000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: sC:/Windows\WinSxS\amd64_microsoft-hyper-v-vstack-vid.resources_31bf3856ad364e35_10.0.19041.1_en-us_447494df1222bcd8
Source: SyncroLive.Agent.Runner.exe, 0000001D.00000002.3576854914.000002290027E000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: wC:/Windows\WinSxS\amd64_microsoft-hyper-v-vstack-emulatedstorage_31bf3856ad364e35_10.0.19041.1741_none_4fe99c993cb84326
Source: SyncroLive.Agent.Runner.exe, 0000001D.00000002.3576854914.000002290027E000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: lC:/Windows\WinSxS\amd64_microsoft-hyper-v-vstack-vmwp_31bf3856ad364e35_10.0.19041.1949_none_a9b86d6c1534dc66
Source: svchost.exe, 00000013.00000002.3564517937.00000156F00BF000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: .@"VMware"disk"
Source: Syncro.Overmind.Service.exe, 00000011.00000002.3594084272.0000023C0F567000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Hyper-V Data Exchange Service@0
Source: svchost.exe, 00000013.00000002.3563884079.00000156F0040000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: JSetPropValue.Manufacturer("VMware");
Source: SyncroLive.Agent.Runner.exe, 0000001D.00000002.3576854914.000002290027E000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: sC:/Windows\WinSxS\amd64_microsoft-hyper-v-vstack-synthfcvdev_31bf3856ad364e35_10.0.19041.1741_none_b365912b94b35a98
Source: svchost.exe, 00000013.00000002.3563620073.00000156F0013000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: VMware Virtual disk6000C29C2BEA38880A8A16EE9F37BEC90VMwareVirtual disk
Source: Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A617D8000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Pef,"autoconfiguration_enabled":true}],"ram":[{"size":"4 GB","manufacturer":"VMware Virtual RAM"}],"av":[{"name":"Windows Defender","version":"No version","machine_id":null,"instance_id":null}],"video_card":[{"name":"NMHT399B"}],"system_partition":{"size_gb":"208","free_gb":"18","free_percent":9},"fixed_disks_total":{"size_gb":"208","free_gb":"18","free_percent":9},"primary_adapter":{"gateway":"192.168.2.1","ipv4":"192.168.2.6","ipv6":"fe80::1480:15d6:10aa:6464%14","dns1":"1.1.1.1","dns2":"","subnet":"255.255.255.0","name":"Ethernet0","type":"ethernet","description":"Intel(R) 82574L Gigabit Network Connection"},"install_dates":{"os_install":"2023-10-03T08:57:18Z","bios_release":"2022-11-21T00:00:00Z","system_volume":"2023-10-03T08:53:39Z"},"monitoring":true,"mav":false,"computer_uuid":"6fca9140-fcaf-4cd8-86b3-846c3b1g
Source: SyncroLive.Agent.Runner.exe, 0000001D.00000002.3576854914.000002290027E000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: fC:/Windows\WinSxS\amd64_microsoft-hyper-v-kmclr_31bf3856ad364e35_10.0.19041.1889_none_46e4953b6f70cc79
Source: Syncro.Service.Runner.exe, 00000009.00000002.3486104189.0000022A7A3BE000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: MSFT_PhysicalDisk{1}\\user-PC\root/Microsoft/Windows/Storage/Providers_v2\SPACES_PhysicalDisk.ObjectId="{a33c734b-61ca-11ee-8c18-806e6f6e6963}:PD:{82094220-2cdd-02cd-b432-0b988e9f4438}"6000C29C2BEA38880A8A16EE9F37BEC9VMware Virtual diskVMwareVirtual disk6000c29c2bea38880a8a16ee9f37bec9PCI Slot 32 : Bus 2 : Device 0 : Function 0 : Adapter 0 : Port 0 : Target 0 : LUN 0
Source: Syncro.Overmind.Service.exe, 00000011.00000002.3594084272.0000023C0F567000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Hyper-V Heartbeat Service@0
Source: Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A62159000.00000004.00000800.00020000.00000000.sdmp, Syncro.Overmind.Service.exe, 0000000E.00000002.2464315427.0000017206661000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Hyper-V Guest Service Interface0
Source: SyncroLive.Agent.Runner.exe, 0000001D.00000002.3576854914.0000022900060000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: VMware Virtual RAM
Source: SyncroLive.Agent.Runner.exe, 0000001D.00000002.3576854914.0000022900060000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: VMware SVGA IIES1371
Source: svchost.exe, 00000013.00000003.3008948319.00000156F041B000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: VMwareVirtual disk2.06000c29c2bea38880a8a16ee9f37bec9PCI Slot 32 : Bus 2 : Device 0 : Function 0 : Adapter 0 : Port 0 : Target 0 : LUN 006000C29C2BEA38880A8A16EE9F37BEC9
Source: Syncro.Overmind.Service.exe, 00000011.00000002.3594084272.0000023C0F567000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: vmicheartbeat
Source: svchost.exe, 00000013.00000002.3563884079.00000156F0040000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: dSetPropValue.FriendlyName("VMware Virtual disk");
Source: SyncroLive.Agent.Runner.exe, 0000001D.00000002.3576854914.000002290027E000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: uC:/Windows\WinSxS\amd64_microsoft-hyper-v-m..t-clients.resources_31bf3856ad364e35_10.0.19041.1_en-us_a3e0d97c4c052586
Source: Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A62159000.00000004.00000800.00020000.00000000.sdmp, Syncro.Overmind.Service.exe, 0000000E.00000002.2464315427.0000017206661000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: -Hyper-V Remote Desktop Virtualization Service0
Source: SyncroLive.Agent.Runner.exe, 0000001D.00000002.3576854914.000002290027E000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: aC:/Windows\WinSxS\amd64_microsoft-hyper-v-bpa_31bf3856ad364e35_10.0.19041.1_none_555170071aa29c2c
Source: SyncroLive.Agent.Runner.exe, 0000001D.00000002.3576854914.000002290027E000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: wC:/Windows\WinSxS\amd64_microsoft-hyper-v-i..ationcomponents-rdv_31bf3856ad364e35_10.0.19041.1741_none_b62736d427ac1a0c
Source: SyncroLive.Agent.Runner.exe, 0000001D.00000002.3576854914.000002290027E000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: tC:/Windows\WinSxS\amd64_microsoft-hyper-v-vstack-vmms.resources_31bf3856ad364e35_10.0.19041.1_en-us_fc0cba9450a52790
Source: SyncroLive.Agent.Runner.exe, 0000001D.00000002.3576854914.0000022900060000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 6VMware-42 27 80 4d 99 30 0e 9c-c1 9b 2a 23 ea 1f c4 20
Source: Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A62159000.00000004.00000800.00020000.00000000.sdmp, Syncro.Overmind.Service.exe, 0000000E.00000002.2464315427.0000017206661000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Hyper-V Guest Shutdown Service0
Source: SyncroLive.Agent.Runner.exe, 0000001D.00000002.3576854914.000002290027E000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: vC:/Windows\WinSxS\amd64_microsoft-hyper-v-m..t-remotefilebrowser_31bf3856ad364e35_10.0.19041.746_none_6fbcad1699b89a67
Source: Syncro.Service.Runner.exe, 00000009.00000002.3480427062.0000022A79EFB000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dlltt%E
Source: SyncroLive.Agent.Runner.exe, 0000001D.00000002.3576854914.0000022900060000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: VMware SVGA II
Source: SyncroLive.Agent.Runner.exe, 0000001D.00000002.3576854914.000002290027E000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: dC:/Windows\WinSxS\amd64_microsoft-hyper-v-winhvr_31bf3856ad364e35_10.0.19041.1_none_fc5d2e67adee5611
Source: SyncroLive.Agent.Runner.exe, 0000001D.00000002.3576854914.000002290027E000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: lC:/Windows\WinSxS\amd64_microsoft-hyper-v-vstack-vmms_31bf3856ad364e35_10.0.19041.2006_none_ab6b7b2814133920
Source: Syncro.Overmind.Service.exe, 00000011.00000002.3594084272.0000023C0F567000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: $Hyper-V Volume Shadow Copy Requestor@0
Source: SyncroLive.Agent.Runner.exe, 0000001D.00000002.3576854914.000002290027E000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: tC:/Windows\WinSxS\amd64_microsoft-hyper-v-pvhd-parser.resources_31bf3856ad364e35_10.0.19041.1_en-us_0ccb9f4751718744
Source: svchost.exe, 00000013.00000002.3564179885.00000156F00B2000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: VMwareVirtual disk2.06000c29c2bea38880a8a16ee9f37bec9PCI Slot 32 : Bus 2 : Device 0 : Function 0 : Adapter 0 : Port 0 : Target 0 : LUN 0
Source: Syncro.Overmind.Service.exe, 00000011.00000002.3594084272.0000023C0F567000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: $Hyper-V Time Synchronization Service@0
Source: Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A62220000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 2024-03-18 19:28:15.655 +01:00 [DBG] v1.0.181 [4cc.b18.005]: ForceSync: MSFT_PhysicalDisk: {"DeviceID":"0","Manufacturer":"VMware","Model":"Virtual disk","PartNumber":null,"SerialNumber":"6000c29c2bea38880a8a16ee9f37bec9","SoftwareVersion":null,"BusType":"SAS","MediaType":"SSD"}
Source: SyncroLive.Agent.Runner.exe, 0000001D.00000002.3576854914.000002290027E000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: tC:/Windows\WinSxS\amd64_microsoft-hyper-v-m..-client.snapinabout_31bf3856ad364e35_10.0.19041.1_none_43a9017744e82ca8
Source: Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A6177F000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: ,"autoconfiguration_enabled":true}],"ram":[{"size":"4 GB","manufacturer":"VMware Virtual RAM"}],"av":[{"name":"Windows Defender","version":"No version","machine_id":null,"instance_id":null}],"video_card":[{"name":"NMHT399B"}],"system_partition":{"size_gb":"208","free_gb":"18","free_percent":9},"fixed_disks_total":{"size_gb":"208","free_gb":"18","free_percent":9},"primary_adapter":{"gateway":"192.168.2.1","ipv4":"192.168.2.6","ipv6":"fe80::1480:15d6:10aa:6464%14","dns1":"1.1.1.1","dns2":"","subnet":"255.255.255.0","name":"Ethernet0","type":"ethernet","description":"Intel(R) 82574L Gigabit Network Connection"},"install_dates":{"os_install":"2023-10-03T08:57:18Z","bios_release":"2022-11-21T00:00:00Z","system_volume":"2023-10-03T08:53:39Z"},"monitoring":true,"mav":false,"computer_uuid":"6fca9140-fcaf-4cd8-86b3-846c3b192fc
Source: svchost.exe, 00000013.00000002.3564517937.00000156F00BF000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: *@friendlyname"vmware virtual disk"ALE
Source: SyncroLive.Agent.Runner.exe, 0000001D.00000002.3576854914.0000022900060000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: VMware, Inc.NoneVMware-42 27 80 4d 99 30 0e 9c-c1 9b 2a 23 ea 1f c4 20VMware20,1
Source: Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A62159000.00000004.00000800.00020000.00000000.sdmp, Syncro.Overmind.Service.exe, 0000000E.00000002.2464315427.0000017206661000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: $Hyper-V Time Synchronization Service0
Source: SyncroLive.Agent.Runner.exe, 0000001D.00000002.3576854914.000002290027E000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: lC:/Windows\WinSxS\amd64_microsoft-hyper-v-bpa.resources_31bf3856ad364e35_10.0.19041.1_en-us_168291f09487ebd5
Source: SyncroLive.Agent.Runner.exe, 0000001D.00000002.3576854914.000002290027E000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: hC:/Windows\WinSxS\amd64_microsoft-hyper-v-lun-parser_31bf3856ad364e35_10.0.19041.1_none_b6d8bfc73f89cc96
Source: SyncroLive.Agent.Runner.exe, 0000001D.00000002.3576854914.000002290027E000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: uC:/Windows\WinSxS\amd64_microsoft-hyper-v-v..edstorage.resources_31bf3856ad364e35_10.0.19041.1_en-us_8e6d1518accc0bf5
Source: Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A62159000.00000004.00000800.00020000.00000000.sdmp, Syncro.Overmind.Service.exe, 0000000E.00000002.2464315427.0000017206661000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Hyper-V Heartbeat Service0
Source: Syncro.Service.Runner.exe, 00000009.00000002.3488485817.0000022A7A41E000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: VMware Virtual RAM00000001VMW-4096MB
Source: SyncroLive.Agent.Runner.exe, 0000001D.00000002.3576854914.000002290027E000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: eC:/Windows\WinSxS\amd64_microsoft-hyper-v-kmcl_31bf3856ad364e35_10.0.19041.1889_none_e7d7bde611c8c141
Source: SyncroLive.Agent.Runner.exe, 0000001D.00000002.3576854914.00000229001CA000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Hyper-V Hypervisor
Source: SyncroLive.Agent.Runner.exe, 0000001D.00000002.3576854914.000002290027E000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: uC:/Windows\WinSxS\amd64_microsoft-hyper-v-v..izationv2.resources_31bf3856ad364e35_10.0.19041.1_en-gb_7788797720472f2d
Source: SyncroLive.Agent.Runner.exe, 0000001D.00000002.3576854914.000002290027E000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: rC:/Windows\WinSxS\amd64_microsoft-hyper-v-vstack-hypervcluster_31bf3856ad364e35_10.0.19041.1_none_a2ace16370124ff4
Source: svchost.exe, 00000013.00000003.3086463510.00000156F0544000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: VMware
Source: Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A61C76000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 2024-03-18 18:13:03.424 +01:00 [DBG] v1.0.181 [4cc.b18.005]: LargeSync: SendSystemInformation: [02f39f9b] API <- PUT "https://rmm.syncromsp.com/device_api/device" {"uuid":"08bc108c-6328-49e2-9e11-d1871af9471c","information":{"general":{"name":"user-PC","manufacturer":"EXWv7SBawvUzR2w","model":"3RpZPopO","serial_number":"8X4MB89SN6","form_factor":"desktop","domain":""},"os":{"name":"Microsoft Windows 10 Pro","build":"19045.2006","last_boot_time":"2024-03-18T15:16:23Z","os_architecture":"64-bit","pending_reboot":false,"windows_release_version":"22H2"},"motherboard":{"name":"Base Board","manufacturer":"XW6V54NV1K"},"cpu":[{"manufacturer":"GenuineIntel","name":"Intel(R) Core(TM)2 CPU 6600 @ 2.40 GHz"},{"manufacturer":"GenuineIntel","name":"Intel(R) Core(TM)2 CPU 6600 @ 2.40 GHz"}],"ram":[{"manufacturer":"VMware Virtual RAM","size":"4 GB"}],"ram_gb":4,"hdd":[{"manufacturer":"NVXHP67W SCSI Disk Device","size":"383.98 GB"}],"video_card":[{"name":"NMHT399B"}],"network_adapters":[{"name":"Ethernet0","description":"Intel(R) 82574L Gigabit Network Connection","type":"ethernet","status":"up","ipv4":"192.168.2.6","ipv6":"fe80::1480:15d6:10aa:6464%14","subnet":"255.255.255.0","gateway":"192.168.2.1","dns1":"1.1.1.1","dns2":"","dhcp_server":"","physical_address":"EC-F4-BB-2D-24-96","lease_obtained":"","lease_expires":"","dhcp_enabled":false,"autoconfiguration_enabled":true,"is_primary":true}],"needs_reboot":false,"av":[{"version":"No version","name":"Windows Defender","machine_id":null,"instance_id":null}],"last_user":"user-PC\\user","system_partition":{"size_gb":"208","free_gb":"18","free_percent":9},"fixed_disks_total":{"size_gb":"208","free_gb":"18","free_percent":9},"primary_adapter":{"name":"Ethernet0","description":"Intel(R) 82574L Gigabit Network Connection","type":"ethernet","status":"up","ipv4":"192.168.2.6","ipv6":"fe80::1480:15d6:10aa:6464%14","subnet":"255.255.255.0","gateway":"192.168.2.1","dns1":"1.1.1.1","dns2":"","dhcp_server":"","physical_address":"EC-F4-BB-2D-24-96","lease_obtained":"","lease_expires":"","dhcp_enabled":false,"autoconfiguration_enabled":true,"is_primary":true},"install_dates":{"os_install":"2023...0l
Source: SyncroLive.Agent.Runner.exe, 0000001D.00000002.3576854914.000002290027E000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: pC:/Windows\WinSxS\amd64_microsoft-hyper-v-sysprep-provider_31bf3856ad364e35_10.0.19041.789_none_111728dc239a85e2
Source: Syncro.Service.Runner.exe, 00000009.00000002.3503924318.0000022A7ADF0000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: VMware(
Source: SyncroLive.Agent.Runner.exe, 0000001D.00000002.3576854914.000002290027E000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: uC:/Windows\WinSxS\amd64_microsoft-hyper-v-m..apinabout.resources_31bf3856ad364e35_10.0.19041.1_en-us_d314f4eb3925c8b5
Source: Syncro.Overmind.Service.exe, 00000011.00000002.3594084272.0000023C0F567000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Hyper-V Guest Service Interface@0
Source: SyncroLive.Agent.Runner.exe, 0000001D.00000002.3576854914.00000229001CA000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: !Hyper-V Virtual Machine Bus Pipes
Source: svchost.exe, 00000013.00000002.3567845547.00000156F00F9000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: VMware, Inc.VMware20,1NoneVMware-42 27 80 4d 99 30 0e 9c-c1 9b 2a 23 ea 1f c4 20
Source: SyncroLive.Agent.Runner.exe, 0000001D.00000002.3576854914.000002290027E000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: jC:/Windows\WinSxS\amd64_microsoft-hyper-v-vstack-vid_31bf3856ad364e35_10.0.19041.546_none_58a869077fc6e2f7
Source: SyncroLive.Agent.Runner.exe, 0000001D.00000002.3576854914.000002290027E000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: vC:/Windows\WinSxS\amd64_microsoft-hyper-v-vstack-vsmb.resources_31bf3856ad364e35_10.0.19041.423_en-us_f14a4bbefe65ac87
Source: Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A62220000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 2024-03-18 19:16:32.482 +01:00 [DBG] v1.0.181 [4cc.b18.005]: ForceSync: SendSystemInformation: [01600de9] API <- PUT "https://rmm.syncromsp.com/device_api/device" {"uuid":"08bc108c-6328-49e2-9e11-d1871af9471c","information":{"general":{"name":"user-PC","manufacturer":"EXWv7SBawvUzR2w","model":"3RpZPopO","serial_number":"8X4MB89SN6","form_factor":"desktop","domain":""},"os":{"name":"Microsoft Windows 10 Pro","build":"19045.2006","last_boot_time":"2024-03-18T15:16:44Z","os_architecture":"64-bit","pending_reboot":false,"windows_release_version":"22H2"},"motherboard":{"name":"Base Board","manufacturer":"XW6V54NV1K"},"cpu":[{"manufacturer":"GenuineIntel","name":"Intel(R) Core(TM)2 CPU 6600 @ 2.40 GHz"},{"manufacturer":"GenuineIntel","name":"Intel(R) Core(TM)2 CPU 6600 @ 2.40 GHz"}],"ram":[{"manufacturer":"VMware Virtual RAM","size":"4 GB"}],"ram_gb":4,"hdd":[{"manufacturer":"NVXHP67W SCSI Disk Device","size":"383.98 GB"}],"video_card":[{"name":"NMHT399B"}],"network_adapters":[{"name":"Ethernet0","description":"Intel(R) 82574L Gigabit Network Connection","type":"ethernet","status":"up","ipv4":"192.168.2.6","ipv6":"fe80::1480:15d6:10aa:6464%14","subnet":"255.255.255.0","gateway":"192.168.2.1","dns1":"1.1.1.1","dns2":"","dhcp_server":"","physical_address":"EC-F4-BB-2D-24-96","lease_obtained":"","lease_expires":"","dhcp_enabled":false,"autoconfiguration_enabled":true,"is_primary":true}],"needs_reboot":false,"av":[{"version":"No version","name":"Windows Defender","machine_id":null,"instance_id":null}],"last_user":"user-PC\\user","system_partition":{"size_gb":"208","free_gb":"18","free_percent":9},"fixed_disks_total":{"size_gb":"208","free_gb":"18","free_percent":9},"primary_adapter":{"name":"Ethernet0","description":"Intel(R) 82574L Gigabit Network Connection","type":"ethernet","status":"up","ipv4":"192.168.2.6","ipv6":"fe80::1480:15d6:10aa:6464%14","subnet":"255.255.255.0","gateway":"192.168.2.1","dns1":"1.1.1.1","dns2":"","dhcp_server":"","physical_address":"EC-F4-BB-2D-24-96","lease_obtained":"","lease_expires":"","dhcp_enabled":false,"autoconfiguration_enabled":true,"is_primary":true},"install_dates":{"os_install":"2023...
Source: svchost.exe, 00000003.00000002.3574211338.0000015ABEC5B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000003.00000002.3570749225.0000015AB962B000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
Source: SyncroLive.Agent.Runner.exe, 0000001D.00000002.3576854914.000002290027E000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: hC:/Windows\WinSxS\amd64_microsoft-hyper-v-ram-parser_31bf3856ad364e35_10.0.19041.1_none_a7bb53746630ebd3
Source: Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A61E95000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 2024-03-21 01:15:24.628 +01:00 [DBG] v1.0.181 [4cc.b18.005]: LargeSync: MSFT_PhysicalDisk: {"DeviceID":"0","Manufacturer":"VMware","Model":"Virtual disk","PartNumber":null,"SerialNumber":"6000c29c2bea38880a8a16ee9f37bec9","SoftwareVersion":null,"BusType":"SAS","MediaType":"SSD"}
Source: Syncro.Service.Runner.exe, 00000009.00000002.3478007524.0000022A79E50000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Win32_PhysicalMemoryPhysical Memory 0Win32_PhysicalMemoryPhysical MemoryPhysical MemoryPhysical MemoryRAM slot #0RAM slot #0VMware Virtual RAM00000001VMW-4096MBP 53]
Source: Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A61E95000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 2024-03-21 00:58:07.682 +01:00 [DBG] v1.0.181 [4cc.b18.005]: LargeSync: SendSystemInformation: [001910ac] API <- PUT "https://rmm.syncromsp.com/device_api/device" {"uuid":"08bc108c-6328-49e2-9e11-d1871af9471c","information":{"general":{"name":"user-PC","manufacturer":"EXWv7SBawvUzR2w","model":"3RpZPopO","serial_number":"8X4MB89SN6","form_factor":"desktop","domain":""},"os":{"name":"Microsoft Windows 10 Pro","build":"19045.2006","last_boot_time":"2024-03-18T15:43:45Z","os_architecture":"64-bit","pending_reboot":false,"windows_release_version":"22H2"},"motherboard":{"name":"Base Board","manufacturer":"XW6V54NV1K"},"cpu":[{"manufacturer":"GenuineIntel","name":"Intel(R) Core(TM)2 CPU 6600 @ 2.40 GHz"},{"manufacturer":"GenuineIntel","name":"Intel(R) Core(TM)2 CPU 6600 @ 2.40 GHz"}],"ram":[{"manufacturer":"VMware Virtual RAM","size":"4 GB"}],"ram_gb":4,"hdd":[{"manufacturer":"NVXHP67W SCSI Disk Device","size":"383.98 GB"}],"video_card":[{"name":"NMHT399B"}],"network_adapters":[{"name":"Ethernet0","description":"Intel(R) 82574L Gigabit Network Connection","type":"ethernet","status":"up","ipv4":"192.168.2.6","ipv6":"fe80::1480:15d6:10aa:6464%14","subnet":"255.255.255.0","gateway":"192.168.2.1","dns1":"1.1.1.1","dns2":"","dhcp_server":"","physical_address":"EC-F4-BB-2D-24-96","lease_obtained":"","lease_expires":"","dhcp_enabled":false,"autoconfiguration_enabled":true,"is_primary":true}],"needs_reboot":false,"av":[{"version":"No version","name":"Windows Defender","machine_id":null,"instance_id":null}],"last_user":"user-PC\\user","system_partition":{"size_gb":"208","free_gb":"18","free_percent":9},"fixed_disks_total":{"size_gb":"208","free_gb":"18","free_percent":9},"primary_adapter":{"name":"Ethernet0","description":"Intel(R) 82574L Gigabit Network Connection","type":"ethernet","status":"up","ipv4":"192.168.2.6","ipv6":"fe80::1480:15d6:10aa:6464%14","subnet":"255.255.255.0","gateway":"192.168.2.1","dns1":"1.1.1.1","dns2":"","dhcp_server":"","physical_address":"EC-F4-BB-2D-24-96","lease_obtained":"","lease_expires":"","dhcp_enabled":false,"autoconfiguration_enabled":true,"is_primary":true},"install_dates":{"os_install":"2023...
Source: SyncroLive.Agent.Runner.exe, 0000001D.00000002.3576854914.000002290027E000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: uC:/Windows\WinSxS\amd64_microsoft-hyper-v-v..rvcluster.resources_31bf3856ad364e35_10.0.19041.1_en-gb_71570953289cd4d0
Source: SyncroLive.Agent.Runner.exe, 0000001D.00000002.3576854914.000002290027E000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: uC:/Windows\WinSxS\amd64_microsoft-hyper-v-m..lebrowser.resources_31bf3856ad364e35_10.0.19041.1_en-us_4373d0692dcd3a06
Source: SyncroLive.Agent.Runner.exe, 0000001D.00000002.3576854914.0000022900060000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: VMware, Inc.VMW201.00V.20829224.B64.221121184211/21/2022
Source: SyncroLive.Agent.Runner.exe, 0000001D.00000002.3576854914.00000229001CA000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: )Hyper-V Hypervisor Root Virtual Processor
Source: svchost.exe, 00000013.00000002.3564179885.00000156F00B2000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: VMwareVirtual disk2.06000c29c2bea38880a8a16ee9f37bec9PCI Slot 32 : Bus 2 : Device 0 : Function 0 : Adapter 0 : Port 0 : Target 0 : LUN 006000C29C2BEA38880A8A16EE9F37BEC9Dat
Source: SyncroLive.Agent.Runner.exe, 0000001D.00000002.3576854914.000002290027E000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: pC:/Windows\WinSxS\amd64_microsoft-hyper-v-management-clients_31bf3856ad364e35_10.0.19041.1_none_a87cce111f2d21d5
Source: Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A62159000.00000004.00000800.00020000.00000000.sdmp, Syncro.Overmind.Service.exe, 0000000E.00000002.2464315427.0000017206661000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: !Hyper-V PowerShell Direct Service0
Source: SyncroLive.Agent.Runner.exe, 0000001D.00000002.3576854914.000002290027E000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: uC:/Windows\WinSxS\amd64_microsoft-hyper-v-i..nents-rdv.resources_31bf3856ad364e35_10.0.19041.1_en-us_b3d1ef0d088d6955
Source: Syncro.Overmind.Service.exe, 00000011.00000002.3594084272.0000023C0F567000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: vmicshutdown
Source: Syncro.Service.Runner.exe, 00000009.00000002.3497855200.0000022A7AC1D000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: VMware Virtual RAM00000001VMW-4096MBre V
Source: SyncroLive.Agent.Runner.exe, 0000001D.00000002.3576854914.000002290027E000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: uC:/Windows\WinSxS\amd64_microsoft-hyper-v-d..ypervisor.resources_31bf3856ad364e35_10.0.19041.1_en-us_c2edb07518552135
Source: SyncroLive.Agent.Runner.exe, 0000001D.00000002.3576854914.0000022900060000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: VMware20,1
Source: Syncro.Overmind.Service.exe, 00000011.00000002.3594084272.0000023C0F567000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: vmicvss
Source: SyncroLive.Agent.Runner.exe, 0000001D.00000002.3576854914.000002290027E000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: sC:/Windows\WinSxS\amd64_microsoft-hyper-v-drivers-hypervisor_31bf3856ad364e35_10.0.19041.2006_none_a526c6e91aabcb1b
Source: SyncroLive.Agent.Runner.exe, 0000001D.00000002.3576854914.000002290027E000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: hC:/Windows\WinSxS\amd64_microsoft-hyper-v-vhd-parser_31bf3856ad364e35_10.0.19041.1_none_34b87765e20dcc15
Source: Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A62159000.00000004.00000800.00020000.00000000.sdmp, Syncro.Overmind.Service.exe, 0000000E.00000002.2464315427.0000017206661000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: $Hyper-V Volume Shadow Copy Requestor0
Source: SyncroLive.Agent.Runner.exe, 0000001D.00000002.3576854914.000002290027E000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: wC:/Windows\WinSxS\amd64_microsoft-hyper-v-d..s-vmswitch-netsetup_31bf3856ad364e35_10.0.19041.2006_none_f93d3f541072d580
Source: svchost.exe, 00000013.00000002.3567845547.00000156F00F9000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: +@SetPropValue.Manufacturer("VMware");
Source: SyncroLive.Agent.Runner.exe, 0000001D.00000002.3576854914.000002290027E000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: tC:/Windows\WinSxS\amd64_microsoft-hyper-v-v..ck-virtualizationv2_31bf3856ad364e35_10.0.19041.1_none_25a2ff96aac272dd
Source: SyncroLive.Agent.Runner.exe, 0000001D.00000002.3576854914.0000022900060000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: VMware, Inc.
Source: SyncroLive.Agent.Runner.exe, 0000001D.00000002.3576854914.0000022900060000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: VMware-42 27 80 4d 99 30 0e 9c-c1 9b 2a 23 ea 1f c4 20
Source: Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A61ECB000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 2024-03-23 06:24:52.423 +01:00 [DBG] v1.0.181 [4cc.b18.005]: LargeSync: SendSystemInformation: [027de7c9] API <- PUT "https://rmm.syncromsp.com/device_api/device" {"uuid":"08bc108c-6328-49e2-9e11-d1871af9471c","information":{"general":{"name":"user-PC","manufacturer":"EXWv7SBawvUzR2w","model":"3RpZPopO","serial_number":"8X4MB89SN6","form_factor":"desktop","domain":""},"os":{"name":"Microsoft Windows 10 Pro","build":"19045.2006","last_boot_time":"2024-03-18T16:09:16Z","os_architecture":"64-bit","pending_reboot":false,"windows_release_version":"22H2"},"motherboard":{"name":"Base Board","manufacturer":"XW6V54NV1K"},"cpu":[{"manufacturer":"GenuineIntel","name":"Intel(R) Core(TM)2 CPU 6600 @ 2.40 GHz"},{"manufacturer":"GenuineIntel","name":"Intel(R) Core(TM)2 CPU 6600 @ 2.40 GHz"}],"ram":[{"manufacturer":"VMware Virtual RAM","size":"4 GB"}],"ram_gb":4,"hdd":[{"manufacturer":"NVXHP67W SCSI Disk Device","size":"383.98 GB"}],"video_card":[{"name":"NMHT399B"}],"network_adapters":[{"name":"Ethernet0","description":"Intel(R) 82574L Gigabit Network Connection","type":"ethernet","status":"up","ipv4":"192.168.2.6","ipv6":"fe80::1480:15d6:10aa:6464%14","subnet":"255.255.255.0","gateway":"192.168.2.1","dns1":"1.1.1.1","dns2":"","dhcp_server":"","physical_address":"EC-F4-BB-2D-24-96","lease_obtained":"","lease_expires":"","dhcp_enabled":false,"autoconfiguration_enabled":true,"is_primary":true}],"needs_reboot":false,"av":[{"version":"No version","name":"Windows Defender","machine_id":null,"instance_id":null}],"last_user":"user-PC\\user","system_partition":{"size_gb":"208","free_gb":"18","free_percent":9},"fixed_disks_total":{"size_gb":"208","free_gb":"18","free_percent":9},"primary_adapter":{"name":"Ethernet0","description":"Intel(R) 82574L Gigabit Network Connection","type":"ethernet","status":"up","ipv4":"192.168.2.6","ipv6":"fe80::1480:15d6:10aa:6464%14","subnet":"255.255.255.0","gateway":"192.168.2.1","dns1":"1.1.1.1","dns2":"","dhcp_server":"","physical_address":"EC-F4-BB-2D-24-96","lease_obtained":"","lease_expires":"","dhcp_enabled":false,"autoconfiguration_enabled":true,"is_primary":true},"install_dates":{"os_install":"2023...
Source: Syncro.Service.Runner.exe, 00000009.00000002.3374894744.0000022A62220000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 2024-03-18 19:47:02.748 +01:00 [DBG] v1.0.181 [4cc.b18.005]: ForceSync: SendSystemInformation: [0063f78e] API <- PUT "https://rmm.syncromsp.com/device_api/device" {"uuid":"08bc108c-6328-49e2-9e11-d1871af9471c","information":{"general":{"name":"user-PC","manufacturer":"EXWv7SBawvUzR2w","model":"3RpZPopO","serial_number":"8X4MB89SN6","form_factor":"desktop","domain":""},"os":{"name":"Microsoft Windows 10 Pro","build":"19045.2006","last_boot_time":"2024-03-18T15:19:01Z","os_architecture":"64-bit","pending_reboot":false,"windows_release_version":"22H2"},"motherboard":{"name":"Base Board","manufacturer":"XW6V54NV1K"},"cpu":[{"manufacturer":"GenuineIntel","name":"Intel(R) Core(TM)2 CPU 6600 @ 2.40 GHz"},{"manufacturer":"GenuineIntel","name":"Intel(R) Core(TM)2 CPU 6600 @ 2.40 GHz"}],"ram":[{"manufacturer":"VMware Virtual RAM","size":"4 GB"}],"ram_gb":4,"hdd":[{"manufacturer":"NVXHP67W SCSI Disk Device","size":"383.98 GB"}],"video_card":[{"name":"NMHT399B"}],"network_adapters":[{"nam
Source: Syncro.Overmind.Service.exe, 00000011.00000002.3594084272.0000023C0F567000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Hyper-V Guest Shutdown Service@0
Source: SyncroLive.Agent.Runner.exe, 0000001D.00000002.3576854914.0000022900060000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: VMware20,12
Source: SyncroLive.Agent.Runner.exe, 0000001D.00000002.3576854914.000002290027E000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: mC:/Windows\WinSxS\amd64_microsoft-hyper-v-passthru-parser_31bf3856ad364e35_10.0.19041.1_none_d7dfb451bd621127
Source: Syncro.Installer.exe, 00000002.00000002.2321950328.0000021C754D2000.00000004.00000020.00020000.00000000.sdmp, SyncroLive.Service.Runner.exe, 0000001C.00000002.3751662634.000002386D636000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: SyncroLive.Agent.Runner.exe, 0000001D.00000002.3576854914.000002290027E000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: dC:/Windows\WinSxS\amd64_microsoft-hyper-v-hgs_31bf3856ad364e35_10.0.19041.1741_none_1bf0e7c12b78479b
Source: svchost.exe, 00000013.00000002.3564517937.00000156F00D5000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: SCSI\Disk&Ven_VMware&Prod_Virtual_disk\4&1656f219&0&000000
Source: SyncroLive.Agent.Runner.exe, 0000001D.00000002.3576854914.000002290027E000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: nC:/Windows\WinSxS\wow64_microsoft-hyper-v-winsock-provider_31bf3856ad364e35_10.0.19041.1_none_97e0d8d7edeea164
Source: SyncroLive.Agent.Runner.exe, 0000001D.00000002.3576854914.000002290027E000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: tC:/Windows\WinSxS\amd64_microsoft-hyper-v-integration-rdv-core_31bf3856ad364e35_10.0.19041.964_none_3542494c595902f8
Source: svchost.exe, 00000013.00000002.3567845547.00000156F00F9000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: @friendlyname"vmware virtual disk";
Source: Syncro.Service.Runner.exe, 00000009.00000002.3499578736.0000022A7ACB1000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: M slot #0VMware Virtual RAM00000001VMW-4096MBre V
Source: SyncroLive.Agent.Runner.exe, 0000001D.00000002.3576854914.000002290027E000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: pC:/Windows\WinSxS\amd64_microsoft-hyper-v-winsock-provider_31bf3856ad364e35_10.0.19041.867_none_b57fce26790eec13
Source: SyncroLive.Agent.Runner.exe, 0000001D.00000002.3576854914.0000022900060000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: VMware Virtual RAM00000001VMW-4096MBRAM slot #0RAM slot #0
Source: SyncroLive.Agent.Runner.exe, 0000001D.00000002.3576854914.000002290027E000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: mC:/Windows\WinSxS\amd64_microsoft-hyper-v-vstack-config_31bf3856ad364e35_10.0.19041.928_none_d35bf07ab5380c24
Source: svchost.exe, 00000013.00000002.3564179885.00000156F009B000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: (@SetPropValue.FriendlyName("VMware Virtual disk");
Source: SyncroLive.Agent.Runner.exe, 0000001D.00000002.3576854914.00000229001CA000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: !Hyper-V Hypervisor Root Partition
Source: SyncroLive.Agent.Runner.exe, 0000001D.00000002.3576854914.000002290027E000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: uC:/Windows\WinSxS\amd64_microsoft-hyper-v-h..t-service.resources_31bf3856ad364e35_10.0.19041.1_en-us_ddaeabc80a3525d6
Source: SyncroLive.Agent.Runner.exe, 0000001D.00000002.3576854914.000002290027E000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: lC:/Windows\WinSxS\amd64_microsoft-hyper-v-vstack-vsmb_31bf3856ad364e35_10.0.19041.1741_none_a3a0448c191b2fda
Source: Syncro.Service.Runner.exe, 00000009.00000002.3490452699.0000022A7A4BC000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Win32_PhysicalMemoryPhysical Memory 0Win32_PhysicalMemoryPhysical MemoryPhysical MemoryPhysical MemoryRAM slot #0RAM slot #0VMware Virtual RAM00000001VMW-4096MBre V
Source: svchost.exe, 00000013.00000003.3086463510.00000156F0544000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: SPACES_PhysicalDisk{a33c734b-61ca-11ee-8c18-806e6f6e6963}:PD:{82094220-2cdd-02cd-b432-0b988e9f4438}6000C29C2BEA38880A8A16EE9F37BEC9VMware Virtual diskVMwareVirtual disk6000c29c2bea38880a8a16ee9f37bec9PCI Slot 32 : Bus 2 : Device 0 : Function 0 : Adapter 0 : Port 0 : Target 0 : LUN 0
Source: SyncroLive.Agent.Runner.exe, 0000001D.00000002.3576854914.000002290027E000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: sC:/Windows\WinSxS\amd64_microsoft-hyper-v-ram-parser.resources_31bf3856ad364e35_10.0.19041.1_en-us_50c23e4c771f203a
Source: SyncroLive.Agent.Runner.exe, 0000001D.00000002.3576854914.000002290027E000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: cC:/Windows\WinSxS\amd64_microsoft-hyper-v-winhv_31bf3856ad364e35_10.0.19041.1_none_93cc37f483916b61
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Process information queried: ProcessInformation Jump to behavior
Enables debug privileges
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Process token adjusted: Debug Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Process token adjusted: Debug Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Process token adjusted: Debug
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Process token adjusted: Debug
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Process token adjusted: Debug
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Process token adjusted: Debug
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Process token adjusted: Debug
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Process token adjusted: Debug
Source: C:\Program Files\RepairTech\LiveAgent\SyncroLive.Service.Runner.exe Process token adjusted: Debug
Source: C:\Program Files\RepairTech\LiveAgent\SyncroLive.Agent.Runner.exe Process token adjusted: Debug
Source: C:\Users\user\Desktop\INVOICE31401001340.exe Memory allocated: page read and write | page guard Jump to behavior
Creates a process in suspended mode (likely to inject code)
Source: C:\Users\user\Desktop\INVOICE31401001340.exe Process created: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe "C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe" --jwt-payload eyJ0eXAiOiJKV1QiLCJhbGciOiJFUzI1NiJ9.eyJ2ZXJzaW9uIjoxLCJpbnN0YWxsIjp7InNob3AiOiIycHJPZFM2MWItc1FTQXA2aV9XVnRBIiwiY3VzdG9tZXJfaWQiOjEzNzUzOTMsImZvbGRlcl9pZCI6Mzc1ODExOX0sInNlcnZpY2luZyI6eyJjaGFubmVsIjoic3luY3JvLXJ0bSIsInRhcmdldCI6InN5bmNybyJ9fQ.qpR5PqzCuyisf6IKqdUr3HoeK5bJeW3zqdyumas0geGur6RM6l2ILEri8jVBr7qw20jtv4z0BCzdaar0brhD3g Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Process created: C:\Windows\System32\cmd.exe cmd.exe" /c "C:\Program Files\RepairTech\Syncro\install.bat Jump to behavior
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\InstallUtil.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\installutil.exe" /ShowCallStack /LogFile=C:\ProgramData/Syncro/logs/ServiceInstall.log "C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Jump to behavior
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\sc.exe sc failure Syncro reset= 60 actions= restart/5000/restart/10000/restart/60000 Jump to behavior
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\sc.exe sc start Syncro Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Process created: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe "C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe" install Jump to behavior
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Process created: C:\Windows\System32\sc.exe sc" create "SyncroLive" binpath= "\"C:\Program Files\RepairTech\LiveAgent\SyncroLive.Service.Runner.exe\"" displayname= "SyncroLive" start= "delayed-auto
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Process created: C:\Windows\System32\sc.exe sc" description "SyncroLive" "
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Process created: C:\Windows\System32\sc.exe "sc" failure "SyncroLive" reset= 3600 actions= restart/5000/restart/30000/restart/300000
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Process created: C:\Windows\System32\sc.exe "sc" failure "Syncro" reset= 3600 actions= restart/300000
Very long cmdline option found, this is very uncommon (may be encrypted or packed)
Source: C:\Users\user\Desktop\INVOICE31401001340.exe Process created: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe "c:\users\user\appdata\local\temp\syncro.installer.exe" --jwt-payload eyj0exaioijkv1qilcjhbgcioijfuzi1nij9.eyj2zxjzaw9uijoxlcjpbnn0ywxsijp7innob3aioiiychjpzfm2mwitc1ftqxa2av9xvnrbiiwiy3vzdg9tzxjfawqiojeznzuzotmsimzvbgrlcl9pzci6mzc1odexox0sinnlcnzpy2luzyi6eyjjagfubmvsijoic3luy3jvlxj0bsisinrhcmdldci6inn5bmnybyj9fq.qpr5pqzcuyisf6ikqdur3hoek5bjew3zqdyumas0gegur6rm6l2ileri8jvbr7qw20jtv4z0bczdaar0brhd3g
Source: C:\Users\user\Desktop\INVOICE31401001340.exe Process created: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe "c:\users\user\appdata\local\temp\syncro.installer.exe" --jwt-payload eyj0exaioijkv1qilcjhbgcioijfuzi1nij9.eyj2zxjzaw9uijoxlcjpbnn0ywxsijp7innob3aioiiychjpzfm2mwitc1ftqxa2av9xvnrbiiwiy3vzdg9tzxjfawqiojeznzuzotmsimzvbgrlcl9pzci6mzc1odexox0sinnlcnzpy2luzyi6eyjjagfubmvsijoic3luy3jvlxj0bsisinrhcmdldci6inn5bmnybyj9fq.qpr5pqzcuyisf6ikqdur3hoek5bjew3zqdyumas0gegur6rm6l2ileri8jvbr7qw20jtv4z0bczdaar0brhd3g Jump to behavior
Source: Syncro.Installer.exe, 00000002.00000002.2320422475.0000021C74AE0000.00000004.08000000.00040000.00000000.sdmp, Syncro.Installer.exe, 00000002.00000002.2316441248.0000021C100F2000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 0000000D.00000002.2896983400.000002133E0DD000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Shell_TrayWnd
Source: Syncro.App.Runner.exe, 0000000D.00000002.2896983400.000002133E0DD000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 0000000D.00000002.2896983400.000002133DE58000.00000004.00000800.00020000.00000000.sdmp, Syncro.App.Runner.exe, 00000012.00000002.3121137427.00000218BE379000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: .Not found Shell_TrayWnd in SystemTray Updater.
Source: Syncro.App.Runner.exe, 0000000D.00000002.2911244289.00000213565C2000.00000002.00000001.01000000.00000017.sdmp Binary or memory string: Shell_TrayWnd]Not found Shell_TrayWnd in SystemTray Updater.
Queries the volume information (name, serial number etc) of a device
Source: C:\Users\user\Desktop\INVOICE31401001340.exe Queries volume information: C:\Users\user\Desktop\INVOICE31401001340.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Queries volume information: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Collections\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Collections.dll VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ValueTuple\v4.0_4.0.0.0__cc7b13ffcd2ddd51\System.ValueTuple.dll VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Queries volume information: C:\Windows\Fonts\webdings.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Threading\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Threading.dll VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Reflection\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Reflection.dll VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Linq\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Linq.dll VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Extensions\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Extensions.dll VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Reflection.Extensions\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Reflection.Extensions.dll VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Queries volume information: C:\Windows\Fonts\segoeuil.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Queries volume information: C:\Windows\Fonts\seguisb.ttf VolumeInformation Jump to behavior
Source: C:\Windows\System32\svchost.exe Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation Jump to behavior
Source: C:\Windows\System32\svchost.exe Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation Jump to behavior
Source: C:\Windows\System32\svchost.exe Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation Jump to behavior
Source: C:\Windows\System32\svchost.exe Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation Jump to behavior
Source: C:\Windows\System32\svchost.exe Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation Jump to behavior
Source: C:\Windows\System32\svchost.exe Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation Jump to behavior
Source: C:\Windows\System32\svchost.exe Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation Jump to behavior
Source: C:\Windows\System32\svchost.exe Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation Jump to behavior
Source: C:\Windows\System32\svchost.exe Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm VolumeInformation Jump to behavior
Source: C:\Windows\System32\svchost.exe Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation Jump to behavior
Source: C:\Windows\System32\svchost.exe Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation Jump to behavior
Source: C:\Windows\System32\svchost.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Windows\System32\svchost.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\InstallUtil.exe Queries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\InstallUtil.exe VolumeInformation Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\InstallUtil.exe Queries volume information: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe VolumeInformation Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\InstallUtil.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll VolumeInformation Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\InstallUtil.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Internals\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Internals.dll VolumeInformation Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Queries volume information: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe VolumeInformation Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Queries volume information: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\Syncro.Service.exe VolumeInformation Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Queries volume information: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\RepairTech.Common.Tools.dll VolumeInformation Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Queries volume information: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\Autofac.dll VolumeInformation Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Queries volume information: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\Microsoft.Bcl.AsyncInterfaces.dll VolumeInformation Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Queries volume information: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\System.Threading.Tasks.Extensions.dll VolumeInformation Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Queries volume information: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\System.Threading.Tasks.Extensions.dll VolumeInformation Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Queries volume information: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\Syncro.Service.Interfaces.dll VolumeInformation Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Queries volume information: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\Serilog.dll VolumeInformation Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Queries volume information: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\Destructurama.Attributed.dll VolumeInformation Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Queries volume information: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\Serilog.Sinks.File.dll VolumeInformation Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Queries volume information: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\Serilog.Formatting.Compact.dll VolumeInformation Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Queries volume information: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\Serilog.Sinks.Literate.dll VolumeInformation Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Queries volume information: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\Serilog.Sinks.Console.dll VolumeInformation Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Queries volume information: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\Serilog.Sinks.Console.dll VolumeInformation Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Collections\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Collections.dll VolumeInformation Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Queries volume information: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\Syncro.Contracts.dll VolumeInformation Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Queries volume information: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\CSharpFunctionalExtensions.dll VolumeInformation Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Queries volume information: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\Syncro.Tools.dll VolumeInformation Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Queries volume information: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\Microsoft.Win32.TaskScheduler.dll VolumeInformation Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Queries volume information: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\Syncro.Service.Models.dll VolumeInformation Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Queries volume information: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\Syncro.Service.Services.dll VolumeInformation Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ValueTuple\v4.0_4.0.0.0__cc7b13ffcd2ddd51\System.ValueTuple.dll VolumeInformation Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Queries volume information: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\Syncro.Service.Configuration.dll VolumeInformation Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Queries volume information: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\Newtonsoft.Json.dll VolumeInformation Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll VolumeInformation Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll VolumeInformation Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Queries volume information: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\FluentCommandLineParser.dll VolumeInformation Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.Composition\v4.0_4.0.0.0__b77a5c561934e089\System.ComponentModel.Composition.dll VolumeInformation Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Queries volume information: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\RollbarSharp.dll VolumeInformation Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Queries volume information: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\RestSharp.dll VolumeInformation Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Queries volume information: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\Phoenix.dll VolumeInformation Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Queries volume information: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\Squirrel.dll VolumeInformation Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Queries volume information: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\Splat.dll VolumeInformation Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Queries volume information: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\Flurl.Http.dll VolumeInformation Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Queries volume information: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\NuGet.Squirrel.dll VolumeInformation Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Threading\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Threading.dll VolumeInformation Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Reflection\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Reflection.dll VolumeInformation Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Linq\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Linq.dll VolumeInformation Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Extensions\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Extensions.dll VolumeInformation Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Reflection.Extensions\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Reflection.Extensions.dll VolumeInformation Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformation Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Internals\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Internals.dll VolumeInformation Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll VolumeInformation Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Channels\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Channels.dll VolumeInformation Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Web\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Web.dll VolumeInformation Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll VolumeInformation Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Queries volume information: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\Interop.NetFwTypeLib.dll VolumeInformation Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Queries volume information: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\Flurl.dll VolumeInformation Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformation Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll VolumeInformation Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll VolumeInformation Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll VolumeInformation Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll VolumeInformation Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations\v4.0_4.0.0.0__31bf3856ad364e35\System.ComponentModel.DataAnnotations.dll VolumeInformation Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Queries volume information: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\websocket-sharp.dll VolumeInformation Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Queries volume information: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\UrlCombineLib.dll VolumeInformation Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Compression\v4.0_4.0.0.0__b77a5c561934e089\System.IO.Compression.dll VolumeInformation Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe Queries volume information: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\Interop.WUApiLib.dll VolumeInformation Jump to behavior
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Queries volume information: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe VolumeInformation
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Queries volume information: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\Syncro.App.dll VolumeInformation
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Queries volume information: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\RepairTech.Common.Tools.dll VolumeInformation
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Queries volume information: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\Serilog.dll VolumeInformation
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Queries volume information: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\Flurl.Http.dll VolumeInformation
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Queries volume information: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\Syncro.Contracts.dll VolumeInformation
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Queries volume information: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\Syncro.Tools.dll VolumeInformation
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Queries volume information: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\Destructurama.Attributed.dll VolumeInformation
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Queries volume information: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\Serilog.Sinks.File.dll VolumeInformation
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Queries volume information: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\Serilog.Formatting.Compact.dll VolumeInformation
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Queries volume information: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\Serilog.Sinks.Literate.dll VolumeInformation
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Queries volume information: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\Serilog.Sinks.Console.dll VolumeInformation
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Queries volume information: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\Serilog.Sinks.Console.dll VolumeInformation
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Collections\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Collections.dll VolumeInformation
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Queries volume information: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\Newtonsoft.Json.dll VolumeInformation
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Queries volume information: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\Newtonsoft.Json.dll VolumeInformation
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Queries volume information: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\FluentCommandLineParser.dll VolumeInformation
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll VolumeInformation
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Internals\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Internals.dll VolumeInformation
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Channels\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Channels.dll VolumeInformation
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Web\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Web.dll VolumeInformation
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll VolumeInformation
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll VolumeInformation
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll VolumeInformation
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Queries volume information: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\RollbarSharp.dll VolumeInformation
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Queries volume information: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\MetroFramework.dll VolumeInformation
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Queries volume information: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\en\Syncro.App.resources.dll VolumeInformation
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Queries volume information: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\RepairTech.Common.Wpf.dll VolumeInformation
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Queries volume information: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe VolumeInformation
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformation
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.InteropServices.RuntimeInformation\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.InteropServices.RuntimeInformation.dll VolumeInformation
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Queries volume information: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe VolumeInformation
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformation
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.InteropServices.RuntimeInformation\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.InteropServices.RuntimeInformation.dll VolumeInformation
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ValueTuple\v4.0_4.0.0.0__cc7b13ffcd2ddd51\System.ValueTuple.dll VolumeInformation
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.Composition\v4.0_4.0.0.0__b77a5c561934e089\System.ComponentModel.Composition.dll VolumeInformation
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Compression\v4.0_4.0.0.0__b77a5c561934e089\System.IO.Compression.dll VolumeInformation
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Queries volume information: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe VolumeInformation
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Queries volume information: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\Syncro.App.dll VolumeInformation
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Queries volume information: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\RepairTech.Common.Tools.dll VolumeInformation
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Queries volume information: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\Serilog.dll VolumeInformation
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Queries volume information: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\Flurl.Http.dll VolumeInformation
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Queries volume information: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\Syncro.Contracts.dll VolumeInformation
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Queries volume information: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\Syncro.Tools.dll VolumeInformation
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Queries volume information: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\Destructurama.Attributed.dll VolumeInformation
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Queries volume information: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\Serilog.Sinks.File.dll VolumeInformation
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Queries volume information: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\Serilog.Formatting.Compact.dll VolumeInformation
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Queries volume information: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\Serilog.Sinks.Console.dll VolumeInformation
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Queries volume information: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\Serilog.Sinks.Console.dll VolumeInformation
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Collections\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Collections.dll VolumeInformation
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Queries volume information: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\Newtonsoft.Json.dll VolumeInformation
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Queries volume information: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\Newtonsoft.Json.dll VolumeInformation
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Queries volume information: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\FluentCommandLineParser.dll VolumeInformation
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll VolumeInformation
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Internals\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Internals.dll VolumeInformation
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Channels\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Channels.dll VolumeInformation
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Web\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Web.dll VolumeInformation
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll VolumeInformation
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll VolumeInformation
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll VolumeInformation
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Queries volume information: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\RollbarSharp.dll VolumeInformation
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Queries volume information: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\MetroFramework.dll VolumeInformation
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Queries volume information: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\en\Syncro.App.resources.dll VolumeInformation
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Queries volume information: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\RepairTech.Common.Wpf.dll VolumeInformation
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Queries volume information: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe VolumeInformation
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Queries volume information: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\Syncro.App.dll VolumeInformation
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Queries volume information: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\RepairTech.Common.Tools.dll VolumeInformation
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Queries volume information: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\Serilog.dll VolumeInformation
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Queries volume information: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\Flurl.Http.dll VolumeInformation
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Queries volume information: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\Syncro.Contracts.dll VolumeInformation
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Queries volume information: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\Syncro.Tools.dll VolumeInformation
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Queries volume information: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\Destructurama.Attributed.dll VolumeInformation
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Queries volume information: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\Serilog.Sinks.File.dll VolumeInformation
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Queries volume information: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\Serilog.Formatting.Compact.dll VolumeInformation
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Queries volume information: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\Serilog.Sinks.Literate.dll VolumeInformation
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Queries volume information: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\Serilog.Sinks.Console.dll VolumeInformation
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Queries volume information: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\Serilog.Sinks.Console.dll VolumeInformation
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Collections\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Collections.dll VolumeInformation
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Queries volume information: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\Newtonsoft.Json.dll VolumeInformation
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Queries volume information: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\Newtonsoft.Json.dll VolumeInformation
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Queries volume information: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\FluentCommandLineParser.dll VolumeInformation
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll VolumeInformation
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Internals\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Internals.dll VolumeInformation
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Channels\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Channels.dll VolumeInformation
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Web\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Web.dll VolumeInformation
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll VolumeInformation
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll VolumeInformation
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll VolumeInformation
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Queries volume information: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\RollbarSharp.dll VolumeInformation
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Queries volume information: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\MetroFramework.dll VolumeInformation
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Queries volume information: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\en\Syncro.App.resources.dll VolumeInformation
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Queries volume information: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\RepairTech.Common.Wpf.dll VolumeInformation
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Queries volume information: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe VolumeInformation
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Queries volume information: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\Syncro.App.dll VolumeInformation
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Queries volume information: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\RepairTech.Common.Tools.dll VolumeInformation
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Queries volume information: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\Serilog.dll VolumeInformation
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Queries volume information: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\Flurl.Http.dll VolumeInformation
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Queries volume information: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\Syncro.Contracts.dll VolumeInformation
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Queries volume information: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\Syncro.Tools.dll VolumeInformation
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Queries volume information: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\Destructurama.Attributed.dll VolumeInformation
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Queries volume information: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\Serilog.Sinks.File.dll VolumeInformation
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Queries volume information: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\Serilog.Formatting.Compact.dll VolumeInformation
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Queries volume information: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\Serilog.Sinks.Literate.dll VolumeInformation
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Queries volume information: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\Serilog.Sinks.Console.dll VolumeInformation
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Queries volume information: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\Serilog.Sinks.Console.dll VolumeInformation
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Collections\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Collections.dll VolumeInformation
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Queries volume information: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\Newtonsoft.Json.dll VolumeInformation
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Queries volume information: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\Newtonsoft.Json.dll VolumeInformation
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Queries volume information: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\FluentCommandLineParser.dll VolumeInformation
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll VolumeInformation
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Internals\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Internals.dll VolumeInformation
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Channels\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Channels.dll VolumeInformation
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Web\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Web.dll VolumeInformation
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll VolumeInformation
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll VolumeInformation
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll VolumeInformation
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Queries volume information: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\RollbarSharp.dll VolumeInformation
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Queries volume information: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\MetroFramework.dll VolumeInformation
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Queries volume information: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\en\Syncro.App.resources.dll VolumeInformation
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Queries volume information: C:\Program Files\RepairTech\Syncro\app-1.0.181.14910\RepairTech.Common.Wpf.dll VolumeInformation
Source: C:\Program Files\RepairTech\LiveAgent\SyncroLive.Service.Runner.exe Queries volume information: C:\Program Files\RepairTech\LiveAgent\SyncroLive.Service.Runner.exe VolumeInformation
Source: C:\Program Files\RepairTech\LiveAgent\SyncroLive.Service.Runner.exe Queries volume information: C:\Program Files\RepairTech\LiveAgent\app-0.0.68.15635\SyncroLive.Service.exe VolumeInformation
Source: C:\Program Files\RepairTech\LiveAgent\SyncroLive.Service.Runner.exe Queries volume information: C:\Program Files\RepairTech\LiveAgent\app-0.0.68.15635\RepairTech.Common.Tools.dll VolumeInformation
Source: C:\Program Files\RepairTech\LiveAgent\SyncroLive.Service.Runner.exe Queries volume information: C:\Program Files\RepairTech\LiveAgent\app-0.0.68.15635\SyncroLive.Interface.dll VolumeInformation
Source: C:\Program Files\RepairTech\LiveAgent\SyncroLive.Service.Runner.exe Queries volume information: C:\Program Files\RepairTech\LiveAgent\app-0.0.68.15635\Squirrel.dll VolumeInformation
Source: C:\Program Files\RepairTech\LiveAgent\SyncroLive.Service.Runner.exe Queries volume information: C:\Program Files\RepairTech\LiveAgent\app-0.0.68.15635\Splat.dll VolumeInformation
Source: C:\Program Files\RepairTech\LiveAgent\SyncroLive.Service.Runner.exe Queries volume information: C:\Program Files\RepairTech\LiveAgent\app-0.0.68.15635\Serilog.dll VolumeInformation
Source: C:\Program Files\RepairTech\LiveAgent\SyncroLive.Service.Runner.exe Queries volume information: C:\Program Files\RepairTech\LiveAgent\app-0.0.68.15635\Topshelf.dll VolumeInformation
Source: C:\Program Files\RepairTech\LiveAgent\SyncroLive.Service.Runner.exe Queries volume information: C:\Program Files\RepairTech\LiveAgent\app-0.0.68.15635\Destructurama.Attributed.dll VolumeInformation
Source: C:\Program Files\RepairTech\LiveAgent\SyncroLive.Service.Runner.exe Queries volume information: C:\Program Files\RepairTech\LiveAgent\app-0.0.68.15635\Serilog.Sinks.File.dll VolumeInformation
Source: C:\Program Files\RepairTech\LiveAgent\SyncroLive.Service.Runner.exe Queries volume information: C:\Program Files\RepairTech\LiveAgent\app-0.0.68.15635\Serilog.Formatting.Compact.dll VolumeInformation
Source: C:\Program Files\RepairTech\LiveAgent\SyncroLive.Service.Runner.exe Queries volume information: C:\Program Files\RepairTech\LiveAgent\app-0.0.68.15635\Serilog.Sinks.Literate.dll VolumeInformation
Source: C:\Program Files\RepairTech\LiveAgent\SyncroLive.Service.Runner.exe Queries volume information: C:\Program Files\RepairTech\LiveAgent\app-0.0.68.15635\Serilog.Sinks.Console.dll VolumeInformation
Source: C:\Program Files\RepairTech\LiveAgent\SyncroLive.Service.Runner.exe Queries volume information: C:\Program Files\RepairTech\LiveAgent\app-0.0.68.15635\Serilog.Sinks.Console.dll VolumeInformation
Source: C:\Program Files\RepairTech\LiveAgent\SyncroLive.Service.Runner.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Collections\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Collections.dll VolumeInformation
Source: C:\Program Files\RepairTech\LiveAgent\SyncroLive.Service.Runner.exe Queries volume information: C:\Program Files\RepairTech\LiveAgent\app-0.0.68.15635\FluentCommandLineParser.dll VolumeInformation
Source: C:\Program Files\RepairTech\LiveAgent\SyncroLive.Service.Runner.exe Queries volume information: C:\Program Files\RepairTech\LiveAgent\app-0.0.68.15635\RollbarSharp.dll VolumeInformation
Source: C:\Program Files\RepairTech\LiveAgent\SyncroLive.Service.Runner.exe Queries volume information: C:\Program Files\RepairTech\LiveAgent\app-0.0.68.15635\NuGet.Squirrel.dll VolumeInformation
Source: C:\Program Files\RepairTech\LiveAgent\SyncroLive.Service.Runner.exe Queries volume information: C:\Program Files\RepairTech\LiveAgent\app-0.0.68.15635\Interop.NetFwTypeLib.dll VolumeInformation
Source: C:\Program Files\RepairTech\LiveAgent\SyncroLive.Service.Runner.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformation
Source: C:\Program Files\RepairTech\LiveAgent\SyncroLive.Service.Runner.exe Queries volume information: C:\Program Files\RepairTech\LiveAgent\app-0.0.68.15635\SyncroLive.WindowsInput.dll VolumeInformation
Source: C:\Program Files\RepairTech\LiveAgent\SyncroLive.Service.Runner.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Internals\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Internals.dll VolumeInformation
Source: C:\Program Files\RepairTech\LiveAgent\SyncroLive.Service.Runner.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll VolumeInformation
Source: C:\Program Files\RepairTech\LiveAgent\SyncroLive.Service.Runner.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Channels\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Channels.dll VolumeInformation
Source: C:\Program Files\RepairTech\LiveAgent\SyncroLive.Service.Runner.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Web\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Web.dll VolumeInformation
Source: C:\Program Files\RepairTech\LiveAgent\SyncroLive.Service.Runner.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll VolumeInformation
Source: C:\Program Files\RepairTech\LiveAgent\SyncroLive.Service.Runner.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Program Files\RepairTech\LiveAgent\SyncroLive.Agent.Runner.exe Queries volume information: C:\Program Files\RepairTech\LiveAgent\SyncroLive.Agent.Runner.exe VolumeInformation
Source: C:\Program Files\RepairTech\LiveAgent\SyncroLive.Agent.Runner.exe Queries volume information: C:\Program Files\RepairTech\LiveAgent\app-0.0.68.15635\SyncroLive.Agent.exe VolumeInformation
Source: C:\Program Files\RepairTech\LiveAgent\SyncroLive.Agent.Runner.exe Queries volume information: C:\Program Files\RepairTech\LiveAgent\app-0.0.68.15635\SyncroLive.Interface.dll VolumeInformation
Source: C:\Program Files\RepairTech\LiveAgent\SyncroLive.Agent.Runner.exe Queries volume information: C:\Program Files\RepairTech\LiveAgent\app-0.0.68.15635\SharpDX.Direct3D11.dll VolumeInformation
Source: C:\Program Files\RepairTech\LiveAgent\SyncroLive.Agent.Runner.exe Queries volume information: C:\Program Files\RepairTech\LiveAgent\app-0.0.68.15635\SharpDX.DXGI.dll VolumeInformation
Source: C:\Program Files\RepairTech\LiveAgent\SyncroLive.Agent.Runner.exe Queries volume information: C:\Program Files\RepairTech\LiveAgent\app-0.0.68.15635\SharpDX.dll VolumeInformation
Source: C:\Program Files\RepairTech\LiveAgent\SyncroLive.Agent.Runner.exe Queries volume information: C:\Program Files\RepairTech\LiveAgent\app-0.0.68.15635\RepairTech.Common.Tools.dll VolumeInformation
Source: C:\Program Files\RepairTech\LiveAgent\SyncroLive.Agent.Runner.exe Queries volume information: C:\Program Files\RepairTech\LiveAgent\app-0.0.68.15635\CSharpFunctionalExtensions.dll VolumeInformation
Source: C:\Program Files\RepairTech\LiveAgent\SyncroLive.Agent.Runner.exe Queries volume information: C:\Program Files\RepairTech\LiveAgent\app-0.0.68.15635\Newtonsoft.Json.dll VolumeInformation
Source: C:\Program Files\RepairTech\LiveAgent\SyncroLive.Agent.Runner.exe Queries volume information: C:\Program Files\RepairTech\LiveAgent\app-0.0.68.15635\deniszykov.WebSocketListener.dll VolumeInformation
Source: C:\Program Files\RepairTech\LiveAgent\SyncroLive.Agent.Runner.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ValueTuple\v4.0_4.0.0.0__cc7b13ffcd2ddd51\System.ValueTuple.dll VolumeInformation
Source: C:\Program Files\RepairTech\LiveAgent\SyncroLive.Agent.Runner.exe Queries volume information: C:\Program Files\RepairTech\LiveAgent\app-0.0.68.15635\Squirrel.dll VolumeInformation
Source: C:\Program Files\RepairTech\LiveAgent\SyncroLive.Agent.Runner.exe Queries volume information: C:\Program Files\RepairTech\LiveAgent\app-0.0.68.15635\Serilog.dll VolumeInformation
Source: C:\Program Files\RepairTech\LiveAgent\SyncroLive.Agent.Runner.exe Queries volume information: C:\Program Files\RepairTech\LiveAgent\app-0.0.68.15635\FluentCommandLineParser.dll VolumeInformation
Source: C:\Program Files\RepairTech\LiveAgent\SyncroLive.Agent.Runner.exe Queries volume information: C:\Program Files\RepairTech\LiveAgent\app-0.0.68.15635\Destructurama.Attributed.dll VolumeInformation
Source: C:\Program Files\RepairTech\LiveAgent\SyncroLive.Agent.Runner.exe Queries volume information: C:\Program Files\RepairTech\LiveAgent\app-0.0.68.15635\Serilog.Sinks.File.dll VolumeInformation
Source: C:\Program Files\RepairTech\LiveAgent\SyncroLive.Agent.Runner.exe Queries volume information: C:\Program Files\RepairTech\LiveAgent\app-0.0.68.15635\Serilog.Formatting.Compact.dll VolumeInformation
Source: C:\Program Files\RepairTech\LiveAgent\SyncroLive.Agent.Runner.exe Queries volume information: C:\Program Files\RepairTech\LiveAgent\app-0.0.68.15635\Serilog.Sinks.Literate.dll VolumeInformation
Source: C:\Program Files\RepairTech\LiveAgent\SyncroLive.Agent.Runner.exe Queries volume information: C:\Program Files\RepairTech\LiveAgent\app-0.0.68.15635\Serilog.Sinks.Console.dll VolumeInformation
Source: C:\Program Files\RepairTech\LiveAgent\SyncroLive.Agent.Runner.exe Queries volume information: C:\Program Files\RepairTech\LiveAgent\app-0.0.68.15635\Serilog.Sinks.Console.dll VolumeInformation
Source: C:\Program Files\RepairTech\LiveAgent\SyncroLive.Agent.Runner.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Collections\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Collections.dll VolumeInformation
Source: C:\Program Files\RepairTech\LiveAgent\SyncroLive.Agent.Runner.exe Queries volume information: C:\Program Files\RepairTech\LiveAgent\app-0.0.68.15635\RollbarSharp.dll VolumeInformation
Source: C:\Program Files\RepairTech\LiveAgent\SyncroLive.Agent.Runner.exe Queries volume information: C:\Program Files\RepairTech\LiveAgent\app-0.0.68.15635\RepairTech.Common.Wpf.dll VolumeInformation
Source: C:\Program Files\RepairTech\LiveAgent\SyncroLive.Agent.Runner.exe Queries volume information: C:\Program Files\RepairTech\LiveAgent\app-0.0.68.15635\System.Numerics.Vectors.dll VolumeInformation
Source: C:\Program Files\RepairTech\LiveAgent\SyncroLive.Agent.Runner.exe Queries volume information: C:\Program Files\RepairTech\LiveAgent\app-0.0.68.15635\Interop.NetFwTypeLib.dll VolumeInformation
Source: C:\Program Files\RepairTech\LiveAgent\SyncroLive.Agent.Runner.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformation
Source: C:\Program Files\RepairTech\LiveAgent\SyncroLive.Agent.Runner.exe Queries volume information: C:\Program Files\RepairTech\LiveAgent\app-0.0.68.15635\OpenHardwareMonitorLib.dll VolumeInformation
Source: C:\Program Files\RepairTech\LiveAgent\SyncroLive.Agent.Runner.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Internals\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Internals.dll VolumeInformation
Source: C:\Program Files\RepairTech\LiveAgent\SyncroLive.Agent.Runner.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll VolumeInformation
Source: C:\Program Files\RepairTech\LiveAgent\SyncroLive.Agent.Runner.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Channels\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Channels.dll VolumeInformation
Source: C:\Program Files\RepairTech\LiveAgent\SyncroLive.Agent.Runner.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Web\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Web.dll VolumeInformation
Source: C:\Program Files\RepairTech\LiveAgent\SyncroLive.Agent.Runner.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll VolumeInformation
Source: C:\Program Files\RepairTech\LiveAgent\SyncroLive.Agent.Runner.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Program Files\RepairTech\LiveAgent\SyncroLive.Agent.Runner.exe Queries volume information: C:\Program Files\RepairTech\LiveAgent\app-0.0.68.15635\WebRTC.NET.SDK.dll VolumeInformation
Source: C:\Program Files\RepairTech\LiveAgent\SyncroLive.Agent.Runner.exe Queries volume information: C:\ VolumeInformation
Source: C:\Program Files\RepairTech\LiveAgent\SyncroLive.Agent.Runner.exe Queries volume information: C:\ VolumeInformation
Source: C:\Program Files\RepairTech\LiveAgent\SyncroLive.Agent.Runner.exe Queries volume information: \Device\CdRom0\ VolumeInformation
Source: C:\Program Files\RepairTech\LiveAgent\SyncroLive.Agent.Runner.exe Queries volume information: \Device\CdRom0\ VolumeInformation
Source: C:\Program Files\RepairTech\LiveAgent\SyncroLive.Agent.Runner.exe Queries volume information: C:\ VolumeInformation
Source: C:\Program Files\RepairTech\LiveAgent\SyncroLive.Agent.Runner.exe Queries volume information: C:\ VolumeInformation
Source: C:\Program Files\RepairTech\LiveAgent\SyncroLive.Agent.Runner.exe Queries volume information: \Device\CdRom0\ VolumeInformation
Source: C:\Program Files\RepairTech\LiveAgent\SyncroLive.Agent.Runner.exe Queries volume information: \Device\CdRom0\ VolumeInformation
Source: C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe Code function: 13_2_00007FFD348BEA29 GetSystemTimeAdjustment, 13_2_00007FFD348BEA29
Source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid Jump to behavior
AV process strings found (often used to terminate AV products)
Source: Syncro.Service.Runner.exe, 00000009.00000002.3501822572.0000022A7AD73000.00000004.00000020.00020000.00000000.sdmp, Syncro.Service.Runner.exe, 00000009.00000002.3501100953.0000022A7AD43000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntiVirusProduct
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntiVirusProduct
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntiVirusProduct
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntiVirusProduct
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntiVirusProduct
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntiVirusProduct
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntiVirusProduct
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntiVirusProduct
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntiVirusProduct
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntiVirusProduct
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntiVirusProduct
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntiVirusProduct
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntiVirusProduct
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntiVirusProduct
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntiVirusProduct
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntiVirusProduct
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntiVirusProduct
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntiVirusProduct
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntiVirusProduct
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntiVirusProduct
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntiVirusProduct
Source: C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntiVirusProduct
Yara detected Syncro Remote Tool
Source: Yara match File source: INVOICE31401001340.exe, type: SAMPLE
Source: Yara match File source: 0.2.INVOICE31401001340.exe.13189ac0.1.unpack, type: UNPACKEDPE
Source: Yara match File source: 0.0.INVOICE31401001340.exe.683cec.2.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 0.0.INVOICE31401001340.exe.683cec.2.unpack, type: UNPACKEDPE
Source: Yara match File source: 2.0.Syncro.Installer.exe.21c72830000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 0.0.INVOICE31401001340.exe.670000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 0.2.INVOICE31401001340.exe.13189ac0.1.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 00000000.00000002.2353079397.0000000013189000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000000.2120038499.0000000000672000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match File source: 00000002.00000000.2130594520.0000021C72832000.00000002.00000001.01000000.00000006.sdmp, type: MEMORY
Source: Yara match File source: Process Memory Space: INVOICE31401001340.exe PID: 3840, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: Syncro.Installer.exe PID: 6512, type: MEMORYSTR
Source: Yara match File source: C:\Users\user\AppData\Local\Temp\Syncro.Installer.exe, type: DROPPED
windows-stand
Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1411161 Sample: INVOICE31401001340.exe Startdate: 18/03/2024 Architecture: WINDOWS Score: 50 92 wlndows.syncroapi.com 2->92 94 traversal.syncromsp.com 2->94 96 9 other IPs or domains 2->96 114 Detected unpacking (creates a PE file in dynamic memory) 2->114 116 .NET source code contains potential unpacker 2->116 118 Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines) 2->118 120 9 other signatures 2->120 10 INVOICE31401001340.exe 6 2->10         started        13 Syncro.Service.Runner.exe 49 31 2->13         started        17 SyncroLive.Service.Runner.exe 2->17         started        19 3 other processes 2->19 signatures3 process4 dnsIp5 86 C:\Users\user\...\Syncro.Installer.exe, PE32 10->86 dropped 21 Syncro.Installer.exe 45 174 10->21         started        106 wlndows.syncroapi.com 104.26.14.34, 443, 49727, 49730 CLOUDFLARENETUS United States 13->106 108 k8s-default-freebird-1b1347a338-108e2faffb945eb3.elb.us-east-1.amazonaws.com 3.222.92.158, 443, 49731, 49742 AMAZON-AESUS United States 13->108 112 2 other IPs or domains 13->112 88 C:\...\Syncro.Overmind.Service.exe, PE32 13->88 dropped 90 C:\ProgramData\Syncro\bin\FilePusher.exe, PE32 13->90 dropped 128 Creates files in the system32 config directory 13->128 26 Syncro.Overmind.Service.exe 13->26         started        28 Syncro.App.Runner.exe 13->28         started        30 Syncro.App.Runner.exe 13->30         started        34 2 other processes 13->34 32 SyncroLive.Agent.Runner.exe 17->32         started        110 127.0.0.1 unknown unknown 19->110 file6 signatures7 process8 dnsIp9 98 admin.syncroapi.com 172.67.70.15, 443, 49711 CLOUDFLARENETUS United States 21->98 100 k8s-default-kabutopr-bd4dfe3aec-18d42f354d40fada.elb.us-east-1.amazonaws.com 54.235.117.67, 443, 49703, 49712 AMAZON-AESUS United States 21->100 102 production.kabutoservices.com 52.40.78.72, 443, 49706, 49707 AMAZON-02US United States 21->102 76 C:\...\Telerik.Windows.Controls.dll, PE32 21->76 dropped 78 C:\...\Microsoft.Win32.TaskScheduler.dll, PE32 21->78 dropped 80 C:\Program Files\RepairTech\...\Update.exe, PE32 21->80 dropped 84 123 other files (1 malicious) 21->84 dropped 124 Installs Task Scheduler Managed Wrapper 21->124 36 Syncro.Overmind.Service.exe 21->36         started        40 cmd.exe 1 21->40         started        126 Creates files in the system32 config directory 26->126 42 conhost.exe 26->42         started        104 ec2-54-213-117-181.us-west-2.compute.amazonaws.com 54.213.117.181, 443, 49807, 49809 AMAZON-02US United States 32->104 82 C:\...\OpenHardwareMonitorLib.sys, PE32+ 32->82 dropped file10 signatures11 process12 file13 68 C:\...\Telerik.Windows.Controls.dll, PE32 36->68 dropped 70 C:\...\Microsoft.Win32.TaskScheduler.dll, PE32 36->70 dropped 72 C:\...\System.Management.Automation.dll, PE32 36->72 dropped 74 182 other files (2 malicious) 36->74 dropped 122 Installs Task Scheduler Managed Wrapper 36->122 44 sc.exe 36->44         started        46 sc.exe 36->46         started        48 sc.exe 36->48         started        50 sc.exe 36->50         started        52 InstallUtil.exe 2 6 40->52         started        54 conhost.exe 40->54         started        56 sc.exe 1 40->56         started        58 sc.exe 1 40->58         started        signatures14 process15 process16 60 conhost.exe 44->60         started        62 conhost.exe 46->62         started        64 conhost.exe 48->64         started        66 conhost.exe 50->66         started       
  • No. of IPs < 25%
  • 25% < No. of IPs < 50%
  • 50% < No. of IPs < 75%
  • 75% < No. of IPs

Contacted Public IPs

IP Domain Country Flag ASN ASN Name Malicious
52.206.234.204
 k8s-default-syncropr-9fed691c09-f11dcedf98c8fd64.elb.us-east-1.amazonaws.com United States
14618 AMAZON-AESUS false
52.40.78.72
 production.kabutoservices.com United States
16509 AMAZON-02US false
3.222.92.158
 k8s-default-freebird-1b1347a338-108e2faffb945eb3.elb.us-east-1.amazonaws.com United States
14618 AMAZON-AESUS false
104.26.14.34
 wlndows.syncroapi.com United States
13335 CLOUDFLARENETUS false
172.67.70.15
 admin.syncroapi.com United States
13335 CLOUDFLARENETUS false
54.213.117.181
 ec2-54-213-117-181.us-west-2.compute.amazonaws.com United States
16509 AMAZON-02US false
54.84.28.205
 unknown United States
14618 AMAZON-AESUS false
54.235.117.67
 k8s-default-kabutopr-bd4dfe3aec-18d42f354d40fada.elb.us-east-1.amazonaws.com United States
14618 AMAZON-AESUS false

Private

IP
127.0.0.1

Contacted Domains

Name IP Active
wlndows.syncroapi.com 104.26.14.34 true
k8s-default-syncropr-9fed691c09-f11dcedf98c8fd64.elb.us-east-1.amazonaws.com 52.206.234.204 true
production.kabutoservices.com 52.40.78.72 true
k8s-default-freebird-1b1347a338-108e2faffb945eb3.elb.us-east-1.amazonaws.com 3.222.92.158 true
k8s-default-kabutopr-bd4dfe3aec-18d42f354d40fada.elb.us-east-1.amazonaws.com 54.235.117.67 true
ec2-54-213-117-181.us-west-2.compute.amazonaws.com 54.213.117.181 true
admin.syncroapi.com 172.67.70.15 true
realtime.kabutoservices.com unknown unknown
ld.aurelius.host unknown unknown
traversal.syncromsp.com unknown unknown
rmm.syncromsp.com unknown unknown

Contacted URLs

Name Malicious Antivirus Detection Reputation
https://production.kabutoservices.com/syncro/overmind/updates/releases false
  • Avira URL Cloud: safe
 unknown
https://production.kabutoservices.com/syncro/main/updates/servicing.defaults.json false
  • Avira URL Cloud: safe
 unknown
https://production.kabutoservices.com/syncro/overmind/updates/Syncro.Overmind.Service-1.0.27.exe false
  • Avira URL Cloud: safe
 unknown