redline | hxxps://www[.]mediafire[.]com/file/yy8ebe0fc8lmsse/Synapse_X__%25E3%2580%2590_CRACKED_%25E3%2580%2591[.]rar/file

Analysis

max time kernel
188s
max time network
451s
platform
windows10-1703_x64
resource
win10-20220901-en
resource tags

arch:x64arch:x86image:win10-20220901-enlocale:en-usos:windows10-1703-x64system
submitted
16-01-2023 13:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.mediafire.com/file/yy8ebe0fc8lmsse/Synapse_X__%25E3%2580%2590_CRACKED_%25E3%2580%2591.rar/file

Score

10^/10

redline @dxrkl0rd infostealer spyware

Malware Config

Extracted

Family

redline

Botnet

@dxrkl0rd

176.113.115.7:2883

Attributes

auth_value
9c8dd7353be7ed4b6832da21d8d0d902

Signatures

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
infostealer redline
Executes dropped EXE 5 IoCs

Processes:

Synapse X.exeSynapse X.exeSynapse X.exeSynapse X.exeSynapse X.exe

pid process

1256 Synapse X.exe
2700 Synapse X.exe
5048 Synapse X.exe
2032 Synapse X.exe
4524 Synapse X.exe
Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
spyware

Data from Local System
T1005

Credentials in Files
T1081

pid	process
1256	Synapse X.exe
2700	Synapse X.exe
5048	Synapse X.exe
2032	Synapse X.exe
4524	Synapse X.exe

Suspicious use of SetThreadContext 5 IoCs

Processes:

Synapse X.exeSynapse X.exeSynapse X.exeSynapse X.exeSynapse X.exe

description	pid	process	target process
PID 1256 set thread context of 4192	1256	Synapse X.exe	MSBuild.exe
PID 2700 set thread context of 2560	2700	Synapse X.exe	MSBuild.exe
PID 5048 set thread context of 1384	5048	Synapse X.exe	MSBuild.exe
PID 2032 set thread context of 4452	2032	Synapse X.exe	MSBuild.exe
PID 4524 set thread context of 3720	4524	Synapse X.exe	MSBuild.exe

Drops file in Windows directory 2 IoCs

Processes:

taskmgr.exe

description	ioc	process
File created	C:\Windows\rescache\_merged\4183903823\810424605.pri	taskmgr.exe
File created	C:\Windows\rescache\_merged\1601268389\3877292338.pri	taskmgr.exe

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

taskmgr.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe

Enumerates processes with tasklist 1 TTPs 1 IoCs

Process Discovery
T1057

Processes:

tasklist.exe

pid process

2644 tasklist.exe

pid	process
2644	tasklist.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies Internet Explorer Phishing Filter 1 TTPs 2 IoCs

Modify Registry

T1112

Processes:

iexplore.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-2368682536-4045190062-1465778271-1000\Software\Microsoft\Internet Explorer\PhishingFilter	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2368682536-4045190062-1465778271-1000\Software\Microsoft\Internet Explorer\PhishingFilter\ClientSupported_MigrationTime = d8bcd69a5bbed801	iexplore.exe

Modifies Internet Explorer settings 1 TTPs 45 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeIEXPLORE.EXE

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-2368682536-4045190062-1465778271-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2368682536-4045190062-1465778271-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2368682536-4045190062-1465778271-1000\Software\Microsoft\Internet Explorer\RepId	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2368682536-4045190062-1465778271-1000\Software\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "1231008729"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2368682536-4045190062-1465778271-1000\Software\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31009200"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2368682536-4045190062-1465778271-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$http://www.typepad.com/	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2368682536-4045190062-1465778271-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{748880E7-95A3-11ED-9424-76741CD23CBD} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2368682536-4045190062-1465778271-1000\Software\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31009200"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2368682536-4045190062-1465778271-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2368682536-4045190062-1465778271-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2368682536-4045190062-1465778271-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$vBulletin 4	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2368682536-4045190062-1465778271-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2368682536-4045190062-1465778271-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2368682536-4045190062-1465778271-1000\Software\Microsoft\Internet Explorer\FlipAhead\FileVersion = "2016061511"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2368682536-4045190062-1465778271-1000\Software\Microsoft\Internet Explorer\FlipAhead\NextUpdateDate = "380690042"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2368682536-4045190062-1465778271-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2368682536-4045190062-1465778271-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2368682536-4045190062-1465778271-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2368682536-4045190062-1465778271-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2368682536-4045190062-1465778271-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2368682536-4045190062-1465778271-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$Telligent	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2368682536-4045190062-1465778271-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2368682536-4045190062-1465778271-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$MediaWiki	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2368682536-4045190062-1465778271-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$vBulletin 3	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2368682536-4045190062-1465778271-1000\Software\Microsoft\Internet Explorer\HistoryJournalCertificate\NextUpdateDate = "380658054"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2368682536-4045190062-1465778271-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2368682536-4045190062-1465778271-1000\Software\Microsoft\Internet Explorer\RepId\PublicId = "{CEC8CD84-CF2F-4BD0-B361-0B5E0334B0DE}"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2368682536-4045190062-1465778271-1000\Software\Microsoft\Internet Explorer\VersionManager	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2368682536-4045190062-1465778271-1000\Software\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "1231008729"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2368682536-4045190062-1465778271-1000\Software\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31009200"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2368682536-4045190062-1465778271-1000\Software\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "1252103157"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2368682536-4045190062-1465778271-1000\Software\Microsoft\Internet Explorer\HistoryJournalCertificate	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2368682536-4045190062-1465778271-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2368682536-4045190062-1465778271-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2368682536-4045190062-1465778271-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "380641455"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2368682536-4045190062-1465778271-1000\Software\Microsoft\Internet Explorer\FlipAhead	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2368682536-4045190062-1465778271-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$blogger	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2368682536-4045190062-1465778271-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$WordPress	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2368682536-4045190062-1465778271-1000\Software\Microsoft\Internet Explorer\Main\DownloadWindowPlacement = 2c0000000000000000000000ffffffffffffffffffffffffffffffff100100003c000000900300001c020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2368682536-4045190062-1465778271-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2368682536-4045190062-1465778271-1000\Software\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2368682536-4045190062-1465778271-1000\Software\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2368682536-4045190062-1465778271-1000\Software\Microsoft\Internet Explorer\VersionManager	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2368682536-4045190062-1465778271-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2368682536-4045190062-1465778271-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$Discuz!	iexplore.exe

Modifies registry class 3 IoCs

Processes:

iexplore.exeOpenWith.exeOpenWith.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-2368682536-4045190062-1465778271-1000_Classes\Local Settings	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2368682536-4045190062-1465778271-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-2368682536-4045190062-1465778271-1000_Classes\Local Settings	OpenWith.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

taskmgr.exeMSBuild.exe

pid	process
1252	taskmgr.exe
1252	taskmgr.exe
1252	taskmgr.exe
1252	taskmgr.exe
4192	MSBuild.exe
1252	taskmgr.exe
1252	taskmgr.exe
1252	taskmgr.exe
1252	taskmgr.exe
1252	taskmgr.exe
1252	taskmgr.exe
1252	taskmgr.exe
4192	MSBuild.exe
1252	taskmgr.exe
1252	taskmgr.exe
1252	taskmgr.exe
1252	taskmgr.exe
1252	taskmgr.exe
1252	taskmgr.exe
1252	taskmgr.exe
1252	taskmgr.exe
1252	taskmgr.exe
1252	taskmgr.exe
1252	taskmgr.exe
1252	taskmgr.exe
1252	taskmgr.exe
1252	taskmgr.exe
1252	taskmgr.exe
1252	taskmgr.exe
1252	taskmgr.exe
1252	taskmgr.exe
1252	taskmgr.exe
1252	taskmgr.exe
1252	taskmgr.exe
1252	taskmgr.exe
1252	taskmgr.exe
1252	taskmgr.exe
1252	taskmgr.exe
1252	taskmgr.exe
1252	taskmgr.exe
1252	taskmgr.exe
1252	taskmgr.exe
1252	taskmgr.exe
1252	taskmgr.exe
1252	taskmgr.exe
1252	taskmgr.exe
1252	taskmgr.exe
1252	taskmgr.exe
1252	taskmgr.exe
1252	taskmgr.exe
1252	taskmgr.exe
1252	taskmgr.exe
1252	taskmgr.exe
1252	taskmgr.exe
1252	taskmgr.exe
1252	taskmgr.exe
1252	taskmgr.exe
1252	taskmgr.exe
1252	taskmgr.exe
1252	taskmgr.exe
1252	taskmgr.exe
1252	taskmgr.exe
1252	taskmgr.exe
1252	taskmgr.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

Processes:

chrome.exe

pid process

5088 chrome.exe
5088 chrome.exe
5088 chrome.exe

pid	process
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe

Suspicious use of AdjustPrivilegeToken 9 IoCs

Processes:

7zG.exetaskmgr.exeMSBuild.exeMSBuild.exe

description	pid	process
Token: SeRestorePrivilege	2304	7zG.exe
Token: 35	2304	7zG.exe
Token: SeSecurityPrivilege	2304	7zG.exe
Token: SeSecurityPrivilege	2304	7zG.exe
Token: SeDebugPrivilege	1252	taskmgr.exe
Token: SeSystemProfilePrivilege	1252	taskmgr.exe
Token: SeCreateGlobalPrivilege	1252	taskmgr.exe
Token: SeDebugPrivilege	4192	MSBuild.exe
Token: SeDebugPrivilege	2560	MSBuild.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

iexplore.exe7zG.exetaskmgr.exe

pid	process
2776	iexplore.exe
2776	iexplore.exe
2304	7zG.exe
1252	taskmgr.exe
1252	taskmgr.exe
1252	taskmgr.exe
1252	taskmgr.exe
1252	taskmgr.exe
1252	taskmgr.exe
1252	taskmgr.exe
1252	taskmgr.exe
1252	taskmgr.exe
1252	taskmgr.exe
1252	taskmgr.exe
1252	taskmgr.exe
1252	taskmgr.exe
1252	taskmgr.exe
1252	taskmgr.exe
1252	taskmgr.exe
1252	taskmgr.exe
1252	taskmgr.exe
1252	taskmgr.exe
1252	taskmgr.exe
1252	taskmgr.exe
1252	taskmgr.exe
1252	taskmgr.exe
1252	taskmgr.exe
1252	taskmgr.exe
1252	taskmgr.exe
1252	taskmgr.exe
1252	taskmgr.exe
1252	taskmgr.exe
1252	taskmgr.exe
1252	taskmgr.exe
1252	taskmgr.exe
1252	taskmgr.exe
1252	taskmgr.exe
1252	taskmgr.exe
1252	taskmgr.exe
1252	taskmgr.exe
1252	taskmgr.exe
1252	taskmgr.exe
1252	taskmgr.exe
1252	taskmgr.exe
1252	taskmgr.exe
1252	taskmgr.exe
1252	taskmgr.exe
1252	taskmgr.exe
1252	taskmgr.exe
1252	taskmgr.exe
1252	taskmgr.exe
1252	taskmgr.exe
1252	taskmgr.exe
1252	taskmgr.exe
1252	taskmgr.exe
1252	taskmgr.exe
1252	taskmgr.exe
1252	taskmgr.exe
1252	taskmgr.exe
1252	taskmgr.exe
1252	taskmgr.exe
1252	taskmgr.exe
1252	taskmgr.exe
1252	taskmgr.exe

Suspicious use of SendNotifyMessage 64 IoCs

Processes:

taskmgr.exe

pid	process
1252	taskmgr.exe
1252	taskmgr.exe
1252	taskmgr.exe
1252	taskmgr.exe
1252	taskmgr.exe
1252	taskmgr.exe
1252	taskmgr.exe
1252	taskmgr.exe
1252	taskmgr.exe
1252	taskmgr.exe
1252	taskmgr.exe
1252	taskmgr.exe
1252	taskmgr.exe
1252	taskmgr.exe
1252	taskmgr.exe
1252	taskmgr.exe
1252	taskmgr.exe
1252	taskmgr.exe
1252	taskmgr.exe
1252	taskmgr.exe
1252	taskmgr.exe
1252	taskmgr.exe
1252	taskmgr.exe
1252	taskmgr.exe
1252	taskmgr.exe
1252	taskmgr.exe
1252	taskmgr.exe
1252	taskmgr.exe
1252	taskmgr.exe
1252	taskmgr.exe
1252	taskmgr.exe
1252	taskmgr.exe
1252	taskmgr.exe
1252	taskmgr.exe
1252	taskmgr.exe
1252	taskmgr.exe
1252	taskmgr.exe
1252	taskmgr.exe
1252	taskmgr.exe
1252	taskmgr.exe
1252	taskmgr.exe
1252	taskmgr.exe
1252	taskmgr.exe
1252	taskmgr.exe
1252	taskmgr.exe
1252	taskmgr.exe
1252	taskmgr.exe
1252	taskmgr.exe
1252	taskmgr.exe
1252	taskmgr.exe
1252	taskmgr.exe
1252	taskmgr.exe
1252	taskmgr.exe
1252	taskmgr.exe
1252	taskmgr.exe
1252	taskmgr.exe
1252	taskmgr.exe
1252	taskmgr.exe
1252	taskmgr.exe
1252	taskmgr.exe
1252	taskmgr.exe
1252	taskmgr.exe
1252	taskmgr.exe
1252	taskmgr.exe

Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

iexplore.exeIEXPLORE.EXEOpenWith.exeOpenWith.exe

pid process

2776 iexplore.exe
2776 iexplore.exe
3508 IEXPLORE.EXE
3508 IEXPLORE.EXE
4472 OpenWith.exe
1476 OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

iexplore.exeSynapse X.exeSynapse X.exeSynapse X.exeSynapse X.exeSynapse X.exechrome.exe

description	pid	process	target process
PID 2776 wrote to memory of 3508	2776	iexplore.exe	IEXPLORE.EXE
PID 2776 wrote to memory of 3508	2776	iexplore.exe	IEXPLORE.EXE
PID 2776 wrote to memory of 3508	2776	iexplore.exe	IEXPLORE.EXE
PID 1256 wrote to memory of 4192	1256	Synapse X.exe	MSBuild.exe
PID 1256 wrote to memory of 4192	1256	Synapse X.exe	MSBuild.exe
PID 1256 wrote to memory of 4192	1256	Synapse X.exe	MSBuild.exe
PID 1256 wrote to memory of 4192	1256	Synapse X.exe	MSBuild.exe
PID 1256 wrote to memory of 4192	1256	Synapse X.exe	MSBuild.exe
PID 1256 wrote to memory of 4192	1256	Synapse X.exe	MSBuild.exe
PID 1256 wrote to memory of 4192	1256	Synapse X.exe	MSBuild.exe
PID 1256 wrote to memory of 4192	1256	Synapse X.exe	MSBuild.exe
PID 2700 wrote to memory of 2560	2700	Synapse X.exe	MSBuild.exe
PID 2700 wrote to memory of 2560	2700	Synapse X.exe	MSBuild.exe
PID 2700 wrote to memory of 2560	2700	Synapse X.exe	MSBuild.exe
PID 2700 wrote to memory of 2560	2700	Synapse X.exe	MSBuild.exe
PID 2700 wrote to memory of 2560	2700	Synapse X.exe	MSBuild.exe
PID 2700 wrote to memory of 2560	2700	Synapse X.exe	MSBuild.exe
PID 2700 wrote to memory of 2560	2700	Synapse X.exe	MSBuild.exe
PID 2700 wrote to memory of 2560	2700	Synapse X.exe	MSBuild.exe
PID 5048 wrote to memory of 1384	5048	Synapse X.exe	MSBuild.exe
PID 5048 wrote to memory of 1384	5048	Synapse X.exe	MSBuild.exe
PID 5048 wrote to memory of 1384	5048	Synapse X.exe	MSBuild.exe
PID 5048 wrote to memory of 1384	5048	Synapse X.exe	MSBuild.exe
PID 5048 wrote to memory of 1384	5048	Synapse X.exe	MSBuild.exe
PID 5048 wrote to memory of 1384	5048	Synapse X.exe	MSBuild.exe
PID 5048 wrote to memory of 1384	5048	Synapse X.exe	MSBuild.exe
PID 5048 wrote to memory of 1384	5048	Synapse X.exe	MSBuild.exe
PID 2032 wrote to memory of 4452	2032	Synapse X.exe	MSBuild.exe
PID 2032 wrote to memory of 4452	2032	Synapse X.exe	MSBuild.exe
PID 2032 wrote to memory of 4452	2032	Synapse X.exe	MSBuild.exe
PID 2032 wrote to memory of 4452	2032	Synapse X.exe	MSBuild.exe
PID 2032 wrote to memory of 4452	2032	Synapse X.exe	MSBuild.exe
PID 2032 wrote to memory of 4452	2032	Synapse X.exe	MSBuild.exe
PID 2032 wrote to memory of 4452	2032	Synapse X.exe	MSBuild.exe
PID 2032 wrote to memory of 4452	2032	Synapse X.exe	MSBuild.exe
PID 4524 wrote to memory of 3720	4524	Synapse X.exe	MSBuild.exe
PID 4524 wrote to memory of 3720	4524	Synapse X.exe	MSBuild.exe
PID 4524 wrote to memory of 3720	4524	Synapse X.exe	MSBuild.exe
PID 4524 wrote to memory of 3720	4524	Synapse X.exe	MSBuild.exe
PID 4524 wrote to memory of 3720	4524	Synapse X.exe	MSBuild.exe
PID 4524 wrote to memory of 3720	4524	Synapse X.exe	MSBuild.exe
PID 4524 wrote to memory of 3720	4524	Synapse X.exe	MSBuild.exe
PID 4524 wrote to memory of 3720	4524	Synapse X.exe	MSBuild.exe
PID 5088 wrote to memory of 3684	5088	chrome.exe	chrome.exe
PID 5088 wrote to memory of 3684	5088	chrome.exe	chrome.exe
PID 5088 wrote to memory of 4672	5088	chrome.exe	chrome.exe
PID 5088 wrote to memory of 4672	5088	chrome.exe	chrome.exe
PID 5088 wrote to memory of 4672	5088	chrome.exe	chrome.exe
PID 5088 wrote to memory of 4672	5088	chrome.exe	chrome.exe
PID 5088 wrote to memory of 4672	5088	chrome.exe	chrome.exe
PID 5088 wrote to memory of 4672	5088	chrome.exe	chrome.exe
PID 5088 wrote to memory of 4672	5088	chrome.exe	chrome.exe
PID 5088 wrote to memory of 4672	5088	chrome.exe	chrome.exe
PID 5088 wrote to memory of 4672	5088	chrome.exe	chrome.exe
PID 5088 wrote to memory of 4672	5088	chrome.exe	chrome.exe
PID 5088 wrote to memory of 4672	5088	chrome.exe	chrome.exe
PID 5088 wrote to memory of 4672	5088	chrome.exe	chrome.exe
PID 5088 wrote to memory of 4672	5088	chrome.exe	chrome.exe
PID 5088 wrote to memory of 4672	5088	chrome.exe	chrome.exe
PID 5088 wrote to memory of 4672	5088	chrome.exe	chrome.exe
PID 5088 wrote to memory of 4672	5088	chrome.exe	chrome.exe
PID 5088 wrote to memory of 4672	5088	chrome.exe	chrome.exe
PID 5088 wrote to memory of 4672	5088	chrome.exe	chrome.exe
PID 5088 wrote to memory of 4672	5088	chrome.exe	chrome.exe

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" https://www.mediafire.com/file/yy8ebe0fc8lmsse/Synapse_X__%25E3%2580%2590_CRACKED_%25E3%2580%2591.rar/file
1⤵
- Modifies Internet Explorer Phishing Filter
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2776

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2776 CREDAT:82945 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:3508

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4472

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:1476

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4276

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Synapse X ã€ CRACKED ã€‘\" -ad -an -ai#7zMap7263:114:7zEvent29600
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:2304

C:\Users\Admin\Downloads\Synapse X ã€ CRACKED ã€‘\Synapse X.exe
"C:\Users\Admin\Downloads\Synapse X ã€ CRACKED ã€‘\Synapse X.exe"
1⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:1256

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
2⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:4192

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /7
1⤵
- Drops file in Windows directory
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1252

C:\Users\Admin\Downloads\Synapse X ã€ CRACKED ã€‘\Synapse X.exe
"C:\Users\Admin\Downloads\Synapse X ã€ CRACKED ã€‘\Synapse X.exe"
1⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:2700

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
2⤵
- Suspicious use of AdjustPrivilegeToken
PID:2560

C:\Users\Admin\Downloads\Synapse X ã€ CRACKED ã€‘\Synapse X.exe
"C:\Users\Admin\Downloads\Synapse X ã€ CRACKED ã€‘\Synapse X.exe"
1⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:5048

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
2⤵
PID:1384

C:\Users\Admin\Downloads\Synapse X ã€ CRACKED ã€‘\Synapse X.exe
"C:\Users\Admin\Downloads\Synapse X ã€ CRACKED ã€‘\Synapse X.exe"
1⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:2032

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
2⤵
PID:4452

C:\Users\Admin\Downloads\Synapse X ã€ CRACKED ã€‘\Synapse X.exe
"C:\Users\Admin\Downloads\Synapse X ã€ CRACKED ã€‘\Synapse X.exe"
1⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:4524

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
2⤵
PID:3720

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of WriteProcessMemory
PID:5088

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0xd0,0xd4,0xd8,0xac,0xdc,0x7ffccc014f50,0x7ffccc014f60,0x7ffccc014f70
2⤵
PID:3684

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1464,12133457256007294918,7942902158139410116,131072 --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=1672 /prefetch:8
2⤵
PID:1508

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1464,12133457256007294918,7942902158139410116,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2276 /prefetch:8
2⤵
PID:3768

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1464,12133457256007294918,7942902158139410116,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1624 /prefetch:2
2⤵
PID:4672

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1464,12133457256007294918,7942902158139410116,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2616 /prefetch:1
2⤵
PID:4488

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1464,12133457256007294918,7942902158139410116,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2580 /prefetch:1
2⤵
PID:5020

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1464,12133457256007294918,7942902158139410116,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3524 /prefetch:1
2⤵
PID:4032

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1464,12133457256007294918,7942902158139410116,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4204 /prefetch:8
2⤵
PID:4860

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1464,12133457256007294918,7942902158139410116,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4388 /prefetch:8
2⤵
PID:4824

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1464,12133457256007294918,7942902158139410116,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4572 /prefetch:8
2⤵
PID:2100

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1464,12133457256007294918,7942902158139410116,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4832 /prefetch:8
2⤵
PID:4588

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1464,12133457256007294918,7942902158139410116,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4380 /prefetch:8
2⤵
PID:4948

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1464,12133457256007294918,7942902158139410116,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4964 /prefetch:8
2⤵
PID:4264

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1464,12133457256007294918,7942902158139410116,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4576 /prefetch:1
2⤵
PID:660

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1464,12133457256007294918,7942902158139410116,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2812 /prefetch:1
2⤵
PID:2376

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1464,12133457256007294918,7942902158139410116,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2624 /prefetch:1
2⤵
PID:8

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1464,12133457256007294918,7942902158139410116,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3560 /prefetch:1
2⤵
PID:3668

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1464,12133457256007294918,7942902158139410116,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4940 /prefetch:1
2⤵
PID:2964

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1464,12133457256007294918,7942902158139410116,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3568 /prefetch:8
2⤵
PID:748

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1464,12133457256007294918,7942902158139410116,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5676 /prefetch:8
2⤵
PID:3756

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1464,12133457256007294918,7942902158139410116,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4948 /prefetch:1
2⤵
PID:400

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1464,12133457256007294918,7942902158139410116,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6140 /prefetch:1
2⤵
PID:672

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1464,12133457256007294918,7942902158139410116,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5940 /prefetch:1
2⤵
PID:4632

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1464,12133457256007294918,7942902158139410116,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4280 /prefetch:8
2⤵
PID:4676

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1464,12133457256007294918,7942902158139410116,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5716 /prefetch:8
2⤵
PID:4772

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1464,12133457256007294918,7942902158139410116,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5916 /prefetch:8
2⤵
PID:68

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1464,12133457256007294918,7942902158139410116,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4772 /prefetch:1
2⤵
PID:2336

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1464,12133457256007294918,7942902158139410116,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4824 /prefetch:8
2⤵
PID:2252

C:\Users\Admin\Downloads\JJSploit Installer.exe
"C:\Users\Admin\Downloads\JJSploit Installer.exe"
2⤵
PID:4860

C:\Windows\SysWOW64\cmd.exe
cmd /c tasklist /FI "USERNAME eq %USERNAME%" /FI "IMAGENAME eq JJS-UI.exe" | %SYSTEMROOT%\System32\find.exe "JJS-UI.exe"
3⤵
PID:4976

C:\Windows\SysWOW64\tasklist.exe
tasklist /FI "USERNAME eq Admin" /FI "IMAGENAME eq JJS-UI.exe"
4⤵
- Enumerates processes with tasklist
PID:2644

C:\Windows\SysWOW64\find.exe
C:\Windows\System32\find.exe "JJS-UI.exe"
4⤵
PID:3984

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1464,12133457256007294918,7942902158139410116,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6176 /prefetch:8
2⤵
PID:916

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1464,12133457256007294918,7942902158139410116,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=848 /prefetch:8
2⤵
PID:1228

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1464,12133457256007294918,7942902158139410116,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3316 /prefetch:8
2⤵
PID:3776

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1464,12133457256007294918,7942902158139410116,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5892 /prefetch:8
2⤵
PID:4652

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1464,12133457256007294918,7942902158139410116,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=5868 /prefetch:2
2⤵
PID:4148

C:\Users\Admin\AppData\Local\Programs\JJS-UI\JJS-UI.exe
"C:\Users\Admin\AppData\Local\Programs\JJS-UI\JJS-UI.exe"
1⤵
PID:5028

C:\Users\Admin\AppData\Local\Programs\JJS-UI\JJS-UI.exe
"C:\Users\Admin\AppData\Local\Programs\JJS-UI\JJS-UI.exe" --type=gpu-process --field-trial-handle=1600,9728266483804455959,4124850179343229797,131072 --enable-features=WebComponentsV0Enabled --disable-features=SpareRendererForSitePerProcess --gpu-preferences=KAAAAAAAAADgAAAwAAAAAAAAYAAAAAAAEAAAAAAAAAAAAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --mojo-platform-channel-handle=1608 --ignored=" --type=renderer " /prefetch:2
2⤵
PID:3516

C:\Users\Admin\AppData\Local\Programs\JJS-UI\JJS-UI.exe
"C:\Users\Admin\AppData\Local\Programs\JJS-UI\JJS-UI.exe" --type=utility --field-trial-handle=1600,9728266483804455959,4124850179343229797,131072 --enable-features=WebComponentsV0Enabled --disable-features=SpareRendererForSitePerProcess --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=1964 /prefetch:8
2⤵
PID:4204

C:\Users\Admin\AppData\Local\Programs\JJS-UI\JJS-UI.exe
"C:\Users\Admin\AppData\Local\Programs\JJS-UI\JJS-UI.exe" --type=renderer --field-trial-handle=1600,9728266483804455959,4124850179343229797,131072 --enable-features=WebComponentsV0Enabled --disable-features=SpareRendererForSitePerProcess --lang=en-US --app-path="C:\Users\Admin\AppData\Local\Programs\JJS-UI\resources\app.asar" --no-sandbox --no-zygote --preload="C:\Users\Admin\AppData\Local\Programs\JJS-UI\resources\app.asar\build\preload.js" --enable-remote-module --background-color=#fff --enable-websql --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2056 /prefetch:1
2⤵
PID:4228

C:\Users\Admin\AppData\Local\Programs\JJS-UI\JJS-UI.exe
"C:\Users\Admin\AppData\Local\Programs\JJS-UI\JJS-UI.exe"
1⤵
PID:3308

C:\Users\Admin\AppData\Local\Programs\JJS-UI\JJS-UI.exe
"C:\Users\Admin\AppData\Local\Programs\JJS-UI\JJS-UI.exe" --type=gpu-process --field-trial-handle=1604,405082228964780624,3788621001654566833,131072 --enable-features=WebComponentsV0Enabled --disable-features=SpareRendererForSitePerProcess --gpu-preferences=KAAAAAAAAADgAAAwAAAAAAAAYAAAAAAAEAAAAAAAAAAAAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --mojo-platform-channel-handle=1612 --ignored=" --type=renderer " /prefetch:2
2⤵
PID:1104

C:\Users\Admin\AppData\Local\Programs\JJS-UI\JJS-UI.exe
"C:\Users\Admin\AppData\Local\Programs\JJS-UI\JJS-UI.exe" --type=utility --field-trial-handle=1604,405082228964780624,3788621001654566833,131072 --enable-features=WebComponentsV0Enabled --disable-features=SpareRendererForSitePerProcess --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=1972 /prefetch:8
2⤵
PID:4944

C:\Users\Admin\AppData\Local\Programs\JJS-UI\JJS-UI.exe
"C:\Users\Admin\AppData\Local\Programs\JJS-UI\JJS-UI.exe" --type=renderer --field-trial-handle=1604,405082228964780624,3788621001654566833,131072 --enable-features=WebComponentsV0Enabled --disable-features=SpareRendererForSitePerProcess --lang=en-US --app-path="C:\Users\Admin\AppData\Local\Programs\JJS-UI\resources\app.asar" --no-sandbox --no-zygote --preload="C:\Users\Admin\AppData\Local\Programs\JJS-UI\resources\app.asar\build\preload.js" --enable-remote-module --background-color=#fff --enable-websql --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2124 /prefetch:1
2⤵
PID:4832

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
1⤵
PID:3192

C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
1⤵
PID:1112

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:956

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:4944

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:820

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:4072

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Credentials in Files

T1081

Discovery

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Process Discovery

T1057

Lateral Movement

Collection

Data from Local System

T1005

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\07CEF2F654E3ED6050FFC9B6EB844250_3431D4C539FB2CFCB781821E9902850D
Filesize
2KB

MD5
7fbc6d7fc1a03d0d7c9b16a1b83fedd4

SHA1
002a1271db1de79dcd73c31f9ed54ca393299ccf

SHA256
0192cb8180619b77068d0f393434edd19ac931fd43e2070c6246edbabc835087

SHA512
ad56330c58d71b3bae41a1f502ee8c2ab0c5ada342cc1ffb550a3499a7538337ec89d770734036e580ae5192571e5a7039c8ac623a555195cd83e196aafcea96

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
Filesize
471B

MD5
54fbcf7b5547dede3a1fadcb8124973e

SHA1
c713a8f9427b05dcc0b735b524c2d512b6ea1063

SHA256
1d0c8cfae4f457c9ff142fda6b2f940f6285f3c3cbc637a3e1ab30a59dba91b1

SHA512
68d678aec8837cd3b3d3a76d15491551e639aa775e712a8f6acb259971ed45cdee92ff25027799eb96c94f7a573cbbbff76bf7994cbb80abb08d267f6c727728

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\07CEF2F654E3ED6050FFC9B6EB844250_3431D4C539FB2CFCB781821E9902850D
Filesize
488B

MD5
a0f348437d6e0248815b9863a2085556

SHA1
df0e22645d2bec6624d7cf714e175fa7f3c6134a

SHA256
e2206f9b495966ae1427254ccc0fd839f416d010f1b40f2458a0b10de3938de0

SHA512
a00192b0f03ee9ec98b87853f067520825c004b9a19a53da428c218e0f30f18dd8903b58fccbc5f83f6b12bd3bb01d5ecab30dc1dda57b70598fada7c0ae8cee

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
Filesize
434B

MD5
9ea54f87ad7630418903c836dcee346f

SHA1
78968db6d8b41a89a9ab8104f07dfd78b031c962

SHA256
90a12d325ac319906fd7917653e936dfa2e48feff2859e4a9b79a2a7dc5bba03

SHA512
64664e7fbf7a723a1a3a17f814851f09ea2a9d386e6f831bfe7acd93dec299de6ece951c2606b6a644ac935a398dfb3da045315fe1315432b1916afffd8e6178

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\Synapse X.exe.log
Filesize
226B

MD5
d78293ab15ad25b5d6e8740fe5fd3872

SHA1
51b70837f90f2bff910daee706e6be8d62a3550e

SHA256
4d64746f8d24ec321b1a6c3a743946b66d8317cbc6bac6fed675a4bf6fa181f3

SHA512
1127435ef462f52677e1ef4d3b8cfdf9f5d95c832b4c9f41526b7448d315f25d96d3d5454108569b76d66d78d07ea5ba4a1ba8baee108e8c1b452ba19cc04925

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\MSBuild.exe.log
Filesize
2KB

MD5
13ed5bc15e294bc5e8f150f6e66a3436

SHA1
dc529e5b9b2e56cb78d055608d816ef1fdc1d5ab

SHA256
0de400d28693692eda686be43f7f9b362decbdc59c15e0ebbc3bfae4b5ca8ca9

SHA512
0f3e542a58eaf2790f9184032e4522eb51f6fa0a43a2eb1770de3c69640dfa0100edf31d5739636cf2388fb52552e6a81450d7c9e274020cd550dfd2fc991212

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\651G4ZPK.cookie
Filesize
615B

MD5
282ed656d01df406125fa7192e6fc054

SHA1
55904dcd6a4153c98fcade58121bf1338b2c6e12

SHA256
12cb54bc38f9018494aca26b1f8c55181965b928563ab7dd3026041ae3e4c0fc

SHA512
6da35c408d4c2359fdd3e985e6b7c585d472c81d96a235de3ea74ebc6d99f4d16af1b3cfa3817a521d85a114d2bd7cf128907c6468e4b50ba15051992d87fcd0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\JE1G3WZ5.cookie
Filesize
615B

MD5
a70d046c9c03890f87a6c25f47ac758f

SHA1
652292087122bc82ecbe35dd7869ab01e4ca5130

SHA256
e85f0095eed5fe0285f42aa892c8d5608e18d14807fdd802eafe9ebd15eea31a

SHA512
dbf783d4b58a7a510448fbe1558808fd87876d96237628e96e7e2ae7cf85e248562633deef9c59c6428335f3a011fc57a7958b221fd09c475dbf4bc2078e1687

Download Submit
C:\Users\Admin\AppData\Local\Programs\JJS-UI\JJS-UI.exe
Filesize
86.3MB

MD5
f5785ecacd2d277155d5508c2da9691a

SHA1
9493e996f43ab114ca81c6e7471b09aaacf9cac6

SHA256
9726f363853807338f7affc14689320ac9aefef3a08f030d2d9f6f1770f1f657

SHA512
080f30724a0dabf1a8d6b843c47ea073448e012680213592563180281dd13fbccf5634aba51f618cbcb9737de1088abaf39319be6a8606a4f10d822ee0caa97c

Download Submit
C:\Users\Admin\AppData\Local\Programs\JJS-UI\chrome_100_percent.pak
Filesize
175KB

MD5
3ff806f44723cee528a1aaee4d3a289e

SHA1
56830e7ff31f803077aed774fafebd4e6c5e6c90

SHA256
65cb11d090b32e0fb3c740a736c13c0a47cb1bcb265c084e3de5bb7474fb662f

SHA512
03dafb839308d644a9943ba66838536fbd1f606cafe392f90925ce51766b5e3a9064d60ca8463bacf7238258beded570d5a0007f3ce11c14f87b10faa2da2977

Download Submit
C:\Users\Admin\AppData\Local\Programs\JJS-UI\ffmpeg.dll
Filesize
2.1MB

MD5
f193d766add1c6386ff6dbbccf7e176a

SHA1
c467242b06dd9ad3b81f47f3fd4cb2faf320f0f1

SHA256
cb7e3974970f4e306e444a4b605e4ed9a83fe62383cfa4897755c77eecec7893

SHA512
8ea7dcd2a417d3cb49ff8523a250ee804158101b355f61377f967d7ff309ec743e9c3c055022179c37dc736314ed73097b601c9376d11cf34d750049ab6e1984

Download Submit
C:\Users\Admin\AppData\Local\Programs\JJS-UI\icudtl.dat
Filesize
10.0MB

MD5
3f019441588332ac8b79a3a3901a5449

SHA1
c8930e95b78deef5b7730102acd39f03965d479a

SHA256
594637e10b8f5c97157413528f0cbf5bc65b4ab9e79f5fa34fe268092655ec57

SHA512
ee083ae5e93e70d5bbebe36ec482aa75c47d908df487a43db2b55ddd6b55c291606649175cf7907d6ab64fc81ead7275ec56e3193b631f8f78b10d2c775fd1a9

Download Submit
C:\Users\Admin\AppData\Local\Programs\JJS-UI\v8_context_snapshot.bin
Filesize
541KB

MD5
bd06321191c06413bb9c15c3987859ef

SHA1
eb6a73a3429f3151632a05d5ca5e3590b782ed85

SHA256
cfbc1a5e921074913a87b1ce7d6d99cb4accf6d7926d242bd264846142dc635d

SHA512
48ddbd1d8c77857b2a2bee65f4b903441bd675fc7bf53e96be2a78557f85c00f27344e7cdd29352ec9977417b991316365d66f5e40b4b9884415693aba283ded

Download Submit
C:\Users\Admin\Downloads\JJSploit Installer.exe
Filesize
50.0MB

MD5
662d26b4e627e44a0da5e5e99fa41942

SHA1
93ea678ba8449bfdfd7a26e82fae39f00185e8d8

SHA256
30e248df598327c72d4f293fe8e69dd11e91494476e9ae56557bce939833bb7b

SHA512
284078b1afaf2ff213aecf30fb298a6cf026cbf884227bc6864fedc60a40770a264a3b1a601b9fc1094e9bf1d8a0213359841631e5c83f1232c7db08a6b72cda

Download Submit
C:\Users\Admin\Downloads\Synapse X ã€ CRACKED ã€‘.rar.cjkfo9j.partial
Filesize
6.1MB

MD5
0ed71144e4524c59c1a72c4f27150a06

SHA1
2ce4825e03c14faeedcd5cfa1f8ebe61e292d24a

SHA256
57cf81bb85d70bd484fc207f74b1e0ac1829b6efc29385a8d29784379f73b68e

SHA512
44c8453bf070f2a9eeca77f202acc88bfbebffa5e86e0aa0e1fdd4906c26740dc4ab7dcab5f267d30ab94f1b33bbf6e0d532bcb8a898ccf89a1e7ba5ccd5dede

Download Submit
C:\Users\Admin\Downloads\Synapse X ã€ CRACKED ã€‘\Synapse X.exe
Filesize
741.0MB

MD5
5ed75f2f1f9cd40dc17224aaf3697f6d

SHA1
f1715feb86dcd79b25c8c7a946f8a0a74f689105

SHA256
174aae6e2fdb01a686cf3b488c58c9efb9183ec037d6769d228dcf855eb27350

SHA512
1b3d785818ecebce4adc1a12a5a2f287ba74266fafe4fb2dd456cb2b546e1019e08ca8895fcc6015400008cfc7f4182b7363be41c4c39dc834dd5c67d39d6756

Download Submit
C:\Users\Admin\Downloads\Synapse X ã€ CRACKED ã€‘\Synapse X.exe
Filesize
741.0MB

MD5
5ed75f2f1f9cd40dc17224aaf3697f6d

SHA1
f1715feb86dcd79b25c8c7a946f8a0a74f689105

SHA256
174aae6e2fdb01a686cf3b488c58c9efb9183ec037d6769d228dcf855eb27350

SHA512
1b3d785818ecebce4adc1a12a5a2f287ba74266fafe4fb2dd456cb2b546e1019e08ca8895fcc6015400008cfc7f4182b7363be41c4c39dc834dd5c67d39d6756

Download Submit
C:\Users\Admin\Downloads\Synapse X ã€ CRACKED ã€‘\Synapse X.exe
Filesize
644.1MB

MD5
041e2f5851ce936808210e009d36ffb4

SHA1
d43e776660d97a0e3c5949c362f38136bf95f6c3

SHA256
63865d391e39cc9dbcd131066853e973d3adc62b2edf408b9334c7cfa0cde2c7

SHA512
6a76f3d636589112756bafe145e239cf053c7a0a2718c0abaa413bd333a37c13385d51eb92ac421273015c2cb1d90a7c4cbf6a4b9fc97b311171ea4636029440

Download Submit
C:\Users\Admin\Downloads\Synapse X ã€ CRACKED ã€‘\Synapse X.exe
Filesize
569.0MB

MD5
835088b5044e9db47b6ae180a257e920

SHA1
596b994fbcfc0c14db3dbf0748b87a31aa6f3a22

SHA256
3e8a088476e41dab8fc7f6ecc5022b9c0ff867991759c6d02ea7aee681d165ab

SHA512
1a44b2de804dc4dc76d54f5cadf99e317bd3ce301cbd9ea7fe4f72fd8d4e778ee20cdf8873ed7bbbc189b03ce18890b4d05659e9b9996a4eea7cda50a131cef9

Download Submit
C:\Users\Admin\Downloads\Synapse X ã€ CRACKED ã€‘\Synapse X.exe
Filesize
606.7MB

MD5
19f8ce32d01076ceb03b10bffbd17644

SHA1
ad7e79012e2b0de19ef19bd9a2b50600af40b868

SHA256
c41acc90a87692ee48b0c4085ccc702d967f33caee49c5965371e9be3628ba33

SHA512
0c36ae9f910232bf29011abd2014d2f30fa669ef00b7cf1b1498c6eb5181816440a988bdfc35aa89223e40f6849d150a3cf7ca95c6e4920d139c975d29cddf59

Download Submit
C:\Users\Admin\Downloads\Synapse X ã€ CRACKED ã€‘\Synapse X.exe
Filesize
601.9MB

MD5
acc69c5322fec4e1616d16a1339cf9d8

SHA1
d9df8ca9d8dc682210fcd95c5140c61f7b40d620

SHA256
80a2d674b3c6cff57901a7fd5900bec965d9aec4f176a317fe0df71fcded09af

SHA512
a35a1b0e8a633a085af32f1969da83e3c57f2ea53f0a935ce1af847a92edc2db7358df13b19e497c40d065c646a192e2f0fc71dd54cdd53311553384f0ba12a8

Download Submit
\??\c:\users\admin\appdata\local\programs\jjs-ui\jjs-ui.exe
Filesize
86.3MB

MD5
f5785ecacd2d277155d5508c2da9691a

SHA1
9493e996f43ab114ca81c6e7471b09aaacf9cac6

SHA256
9726f363853807338f7affc14689320ac9aefef3a08f030d2d9f6f1770f1f657

SHA512
080f30724a0dabf1a8d6b843c47ea073448e012680213592563180281dd13fbccf5634aba51f618cbcb9737de1088abaf39319be6a8606a4f10d822ee0caa97c

Download Submit
\??\c:\users\admin\downloads\jjsploit installer.exe
Filesize
50.0MB

MD5
662d26b4e627e44a0da5e5e99fa41942

SHA1
93ea678ba8449bfdfd7a26e82fae39f00185e8d8

SHA256
30e248df598327c72d4f293fe8e69dd11e91494476e9ae56557bce939833bb7b

SHA512
284078b1afaf2ff213aecf30fb298a6cf026cbf884227bc6864fedc60a40770a264a3b1a601b9fc1094e9bf1d8a0213359841631e5c83f1232c7db08a6b72cda

Download Submit
\??\pipe\crashpad_5088_DTWBORBTJJRZFIWY
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
\Users\Admin\AppData\Local\Programs\JJS-UI\ffmpeg.dll
Filesize
2.1MB

MD5
f193d766add1c6386ff6dbbccf7e176a

SHA1
c467242b06dd9ad3b81f47f3fd4cb2faf320f0f1

SHA256
cb7e3974970f4e306e444a4b605e4ed9a83fe62383cfa4897755c77eecec7893

SHA512
8ea7dcd2a417d3cb49ff8523a250ee804158101b355f61377f967d7ff309ec743e9c3c055022179c37dc736314ed73097b601c9376d11cf34d750049ab6e1984

Download Submit
\Users\Admin\AppData\Local\Temp\nsx2D4C.tmp\SpiderBanner.dll
Filesize
9KB

MD5
17309e33b596ba3a5693b4d3e85cf8d7

SHA1
7d361836cf53df42021c7f2b148aec9458818c01

SHA256
996a259e53ca18b89ec36d038c40148957c978c0fd600a268497d4c92f882a93

SHA512
1abac3ce4f2d5e4a635162e16cf9125e059ba1539f70086c2d71cd00d41a6e2a54d468e6f37792e55a822d7082fb388b8dfecc79b59226bbb047b7d28d44d298

Download Submit
\Users\Admin\AppData\Local\Temp\nsx2D4C.tmp\StdUtils.dll
Filesize
100KB

MD5
c6a6e03f77c313b267498515488c5740

SHA1
3d49fc2784b9450962ed6b82b46e9c3c957d7c15

SHA256
b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e

SHA512
9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803

Download Submit
\Users\Admin\AppData\Local\Temp\nsx2D4C.tmp\System.dll
Filesize
12KB

MD5
0d7ad4f45dc6f5aa87f606d0331c6901

SHA1
48df0911f0484cbe2a8cdd5362140b63c41ee457

SHA256
3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca

SHA512
c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9

Download Submit
\Users\Admin\AppData\Local\Temp\nsx2D4C.tmp\WinShell.dll
Filesize
3KB

MD5
1cc7c37b7e0c8cd8bf04b6cc283e1e56

SHA1
0b9519763be6625bd5abce175dcc59c96d100d4c

SHA256
9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6

SHA512
7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f

Download Submit
\Users\Admin\AppData\Local\Temp\nsx2D4C.tmp\WinShell.dll
Filesize
3KB

MD5
1cc7c37b7e0c8cd8bf04b6cc283e1e56

SHA1
0b9519763be6625bd5abce175dcc59c96d100d4c

SHA256
9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6

SHA512
7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f

Download Submit
\Users\Admin\AppData\Local\Temp\nsx2D4C.tmp\nsExec.dll
Filesize
6KB

MD5
ec0504e6b8a11d5aad43b296beeb84b2

SHA1
91b5ce085130c8c7194d66b2439ec9e1c206497c

SHA256
5d9ceb1ce5f35aea5f9e5a0c0edeeec04dfefe0c77890c80c70e98209b58b962

SHA512
3f918f1b47e8a919cbe51eb17dc30acc8cfc18e743a1bae5b787d0db7d26038dc1210be98bf5ba3be8d6ed896dbbd7ac3d13e66454a98b2a38c7e69dad30bb57

Download Submit
\Users\Admin\AppData\Local\Temp\nsx2D4C.tmp\nsis7z.dll
Filesize
424KB

MD5
80e44ce4895304c6a3a831310fbf8cd0

SHA1
36bd49ae21c460be5753a904b4501f1abca53508

SHA256
b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592

SHA512
c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df

Download Submit
memory/1104-1097-0x0000000000000000-mapping.dmp

Download
memory/1256-128-0x000000001B8B0000-0x000000001BB0E000-memory.dmp

Filesize
2.4MB

Download
memory/1256-127-0x0000000000110000-0x0000000000A10000-memory.dmp

Filesize
9.0MB

Download
memory/1384-283-0x000000000041B58E-mapping.dmp

Download
memory/2560-221-0x000000000041B58E-mapping.dmp

Download
memory/2644-609-0x0000000000000000-mapping.dmp

Download
memory/3516-822-0x0000000000000000-mapping.dmp

Download
memory/3720-326-0x000000000041B58E-mapping.dmp

Download
memory/3984-613-0x0000000000000000-mapping.dmp

Download
memory/4192-152-0x0000000077660000-0x00000000777EE000-memory.dmp

Filesize
1.6MB

Download
memory/4192-207-0x0000000006F30000-0x00000000070F2000-memory.dmp

Filesize
1.8MB

Download
memory/4192-165-0x0000000077660000-0x00000000777EE000-memory.dmp

Filesize
1.6MB

Download
memory/4192-166-0x0000000077660000-0x00000000777EE000-memory.dmp

Filesize
1.6MB

Download
memory/4192-168-0x0000000077660000-0x00000000777EE000-memory.dmp

Filesize
1.6MB

Download
memory/4192-171-0x0000000077660000-0x00000000777EE000-memory.dmp

Filesize
1.6MB

Download
memory/4192-172-0x0000000077660000-0x00000000777EE000-memory.dmp

Filesize
1.6MB

Download
memory/4192-173-0x0000000077660000-0x00000000777EE000-memory.dmp

Filesize
1.6MB

Download
memory/4192-170-0x0000000077660000-0x00000000777EE000-memory.dmp

Filesize
1.6MB

Download
memory/4192-169-0x0000000077660000-0x00000000777EE000-memory.dmp

Filesize
1.6MB

Download
memory/4192-167-0x0000000077660000-0x00000000777EE000-memory.dmp

Filesize
1.6MB

Download
memory/4192-163-0x0000000077660000-0x00000000777EE000-memory.dmp

Filesize
1.6MB

Download
memory/4192-147-0x0000000077660000-0x00000000777EE000-memory.dmp

Filesize
1.6MB

Download
memory/4192-174-0x0000000077660000-0x00000000777EE000-memory.dmp

Filesize
1.6MB

Download
memory/4192-175-0x0000000077660000-0x00000000777EE000-memory.dmp

Filesize
1.6MB

Download
memory/4192-176-0x0000000077660000-0x00000000777EE000-memory.dmp

Filesize
1.6MB

Download
memory/4192-177-0x0000000077660000-0x00000000777EE000-memory.dmp

Filesize
1.6MB

Download
memory/4192-178-0x0000000077660000-0x00000000777EE000-memory.dmp

Filesize
1.6MB

Download
memory/4192-179-0x0000000077660000-0x00000000777EE000-memory.dmp

Filesize
1.6MB

Download
memory/4192-180-0x0000000077660000-0x00000000777EE000-memory.dmp

Filesize
1.6MB

Download
memory/4192-181-0x0000000077660000-0x00000000777EE000-memory.dmp

Filesize
1.6MB

Download
memory/4192-182-0x0000000077660000-0x00000000777EE000-memory.dmp

Filesize
1.6MB

Download
memory/4192-183-0x0000000077660000-0x00000000777EE000-memory.dmp

Filesize
1.6MB

Download
memory/4192-184-0x0000000005C20000-0x0000000006226000-memory.dmp

Filesize
6.0MB

Download
memory/4192-185-0x0000000005720000-0x000000000582A000-memory.dmp

Filesize
1.0MB

Download
memory/4192-186-0x0000000077660000-0x00000000777EE000-memory.dmp

Filesize
1.6MB

Download
memory/4192-187-0x0000000005670000-0x0000000005682000-memory.dmp

Filesize
72KB

Download
memory/4192-188-0x0000000077660000-0x00000000777EE000-memory.dmp

Filesize
1.6MB

Download
memory/4192-189-0x0000000005690000-0x00000000056CE000-memory.dmp

Filesize
248KB

Download
memory/4192-190-0x0000000077660000-0x00000000777EE000-memory.dmp

Filesize
1.6MB

Download
memory/4192-192-0x0000000077660000-0x00000000777EE000-memory.dmp

Filesize
1.6MB

Download
memory/4192-191-0x00000000056D0000-0x000000000571B000-memory.dmp

Filesize
300KB

Download
memory/4192-193-0x0000000077660000-0x00000000777EE000-memory.dmp

Filesize
1.6MB

Download
memory/4192-194-0x0000000077660000-0x00000000777EE000-memory.dmp

Filesize
1.6MB

Download
memory/4192-195-0x0000000077660000-0x00000000777EE000-memory.dmp

Filesize
1.6MB

Download
memory/4192-196-0x00000000059D0000-0x0000000005A36000-memory.dmp

Filesize
408KB

Download
memory/4192-197-0x0000000077660000-0x00000000777EE000-memory.dmp

Filesize
1.6MB

Download
memory/4192-198-0x0000000077660000-0x00000000777EE000-memory.dmp

Filesize
1.6MB

Download
memory/4192-199-0x0000000077660000-0x00000000777EE000-memory.dmp

Filesize
1.6MB

Download
memory/4192-204-0x0000000006A30000-0x0000000006F2E000-memory.dmp

Filesize
5.0MB

Download
memory/4192-205-0x00000000065D0000-0x0000000006662000-memory.dmp

Filesize
584KB

Download
memory/4192-164-0x0000000077660000-0x00000000777EE000-memory.dmp

Filesize
1.6MB

Download
memory/4192-208-0x0000000007630000-0x0000000007B5C000-memory.dmp

Filesize
5.2MB

Download
memory/4192-212-0x0000000007280000-0x00000000072F6000-memory.dmp

Filesize
472KB

Download
memory/4192-213-0x0000000007200000-0x0000000007250000-memory.dmp

Filesize
320KB

Download
memory/4192-153-0x0000000077660000-0x00000000777EE000-memory.dmp

Filesize
1.6MB

Download
memory/4192-162-0x0000000077660000-0x00000000777EE000-memory.dmp

Filesize
1.6MB

Download
memory/4192-160-0x0000000077660000-0x00000000777EE000-memory.dmp

Filesize
1.6MB

Download
memory/4192-161-0x0000000077660000-0x00000000777EE000-memory.dmp

Filesize
1.6MB

Download
memory/4192-159-0x0000000077660000-0x00000000777EE000-memory.dmp

Filesize
1.6MB

Download
memory/4192-157-0x0000000077660000-0x00000000777EE000-memory.dmp

Filesize
1.6MB

Download
memory/4192-158-0x0000000077660000-0x00000000777EE000-memory.dmp

Filesize
1.6MB

Download
memory/4192-129-0x0000000000400000-0x0000000000432000-memory.dmp

Filesize
200KB

Download
memory/4192-156-0x0000000077660000-0x00000000777EE000-memory.dmp

Filesize
1.6MB

Download
memory/4192-155-0x0000000077660000-0x00000000777EE000-memory.dmp

Filesize
1.6MB

Download
memory/4192-154-0x0000000077660000-0x00000000777EE000-memory.dmp

Filesize
1.6MB

Download
memory/4192-151-0x0000000077660000-0x00000000777EE000-memory.dmp

Filesize
1.6MB

Download
memory/4192-150-0x0000000077660000-0x00000000777EE000-memory.dmp

Filesize
1.6MB

Download
memory/4192-130-0x000000000041B58E-mapping.dmp

Download
memory/4192-149-0x0000000077660000-0x00000000777EE000-memory.dmp

Filesize
1.6MB

Download
memory/4192-148-0x0000000077660000-0x00000000777EE000-memory.dmp

Filesize
1.6MB

Download
memory/4192-146-0x0000000077660000-0x00000000777EE000-memory.dmp

Filesize
1.6MB

Download
memory/4192-145-0x0000000077660000-0x00000000777EE000-memory.dmp

Filesize
1.6MB

Download
memory/4192-144-0x0000000077660000-0x00000000777EE000-memory.dmp

Filesize
1.6MB

Download
memory/4192-143-0x0000000077660000-0x00000000777EE000-memory.dmp

Filesize
1.6MB

Download
memory/4192-131-0x0000000077660000-0x00000000777EE000-memory.dmp

Filesize
1.6MB

Download
memory/4192-142-0x0000000077660000-0x00000000777EE000-memory.dmp

Filesize
1.6MB

Download
memory/4192-141-0x0000000077660000-0x00000000777EE000-memory.dmp

Filesize
1.6MB

Download
memory/4192-140-0x0000000077660000-0x00000000777EE000-memory.dmp

Filesize
1.6MB

Download
memory/4192-139-0x0000000077660000-0x00000000777EE000-memory.dmp

Filesize
1.6MB

Download
memory/4192-138-0x0000000077660000-0x00000000777EE000-memory.dmp

Filesize
1.6MB

Download
memory/4192-137-0x0000000077660000-0x00000000777EE000-memory.dmp

Filesize
1.6MB

Download
memory/4192-135-0x0000000077660000-0x00000000777EE000-memory.dmp

Filesize
1.6MB

Download
memory/4192-136-0x0000000077660000-0x00000000777EE000-memory.dmp

Filesize
1.6MB

Download
memory/4192-133-0x0000000077660000-0x00000000777EE000-memory.dmp

Filesize
1.6MB

Download
memory/4192-134-0x0000000077660000-0x00000000777EE000-memory.dmp

Filesize
1.6MB

Download
memory/4192-132-0x0000000077660000-0x00000000777EE000-memory.dmp

Filesize
1.6MB

Download
memory/4204-835-0x0000000000000000-mapping.dmp

Download
memory/4228-848-0x0000000000000000-mapping.dmp

Download
memory/4452-288-0x000000000041B58E-mapping.dmp

Download
memory/4832-1125-0x0000000000000000-mapping.dmp

Download
memory/4860-535-0x0000000000000000-mapping.dmp

Download
memory/4944-1109-0x0000000000000000-mapping.dmp

Download
memory/4976-603-0x0000000000000000-mapping.dmp

Download