hxxps://www[.]mediafire[.]com/file/4ij3y3jh270k13k/Synapse_X[.]rar/file

Analysis

max time kernel
148s
max time network
149s
platform
windows10-1703_x64
resource
win10-20230220-en
resource tags

arch:x64arch:x86image:win10-20230220-enlocale:en-usos:windows10-1703-x64system
submitted
25-04-2023 22:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.mediafire.com/file/4ij3y3jh270k13k/Synapse_X.rar/file

Score

8^/10

discovery persistence spyware

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 4 IoCs

pid	Process
3252	winrar-x64-621.exe
2068	uninstall.exe
2312	WinRAR.exe
6020	setup.exe

Modifies system executable filetype association 2 TTPs 8 IoCs

persistence

Modify Registry

T1112

Change Default File Association

T1042

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\WinRAR	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\WinRAR\ = "{B41DB860-64E4-11D2-9906-E49FADC173CA}"	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shellex\PropertySheetHandlers\{B41DB860-8EE4-11D2-9906-E49FADC173CA}	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shellex\PropertySheetHandlers\{B41DB860-8EE4-11D2-9906-E49FADC173CA}\	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\WinRAR32	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\WinRAR32\ = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shellex\PropertySheetHandlers\{B41DB860-64E4-11D2-9906-E49FADC173CA}	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shellex\PropertySheetHandlers\{B41DB860-64E4-11D2-9906-E49FADC173CA}\	uninstall.exe

Registers COM server for autorun 1 TTPs 3 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B41DB860-64E4-11D2-9906-E49FADC173CA}\InProcServer32\ = "C:\\Program Files\\WinRAR\\rarext.dll"	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B41DB860-64E4-11D2-9906-E49FADC173CA}\InProcServer32\ThreadingModel = "Apartment"	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B41DB860-64E4-11D2-9906-E49FADC173CA}\InProcServer32	uninstall.exe

Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
spyware

Data from Local System
T1005

Credentials in Files
T1081
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 6020 set thread context of 5128	6020	setup.exe	132

Drops file in Program Files directory 60 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\WinRAR\RarExtLogo.altform-unplated_targetsize-64.png	winrar-x64-621.exe
File opened for modification	C:\Program Files\WinRAR\ReadMe.txt	winrar-x64-621.exe
File created	C:\Program Files\WinRAR\Rar.exe	winrar-x64-621.exe
File created	C:\Program Files\WinRAR\WinCon.SFX	winrar-x64-621.exe
File created	C:\Program Files\WinRAR\RarExtLogo.altform-unplated_targetsize-48.png	winrar-x64-621.exe
File created	C:\Program Files\WinRAR\RarExtLogo.altform-unplated_targetsize-64.png	winrar-x64-621.exe
File created	C:\Program Files\WinRAR\RarExtInstaller.exe	winrar-x64-621.exe
File opened for modification	C:\Program Files\WinRAR\Default64.SFX	winrar-x64-621.exe
File opened for modification	C:\Program Files\WinRAR\WinCon.SFX	winrar-x64-621.exe
File created	C:\Program Files\WinRAR\zipnew.dat	uninstall.exe
File opened for modification	C:\Program Files\WinRAR\RarExtInstaller.exe	winrar-x64-621.exe
File created	C:\Program Files\WinRAR\RarExt.dll	winrar-x64-621.exe
File opened for modification	C:\Program Files\WinRAR\Resources.pri	winrar-x64-621.exe
File opened for modification	C:\Program Files\WinRAR\RarExtLogo.altform-unplated_targetsize-48.png	winrar-x64-621.exe
File opened for modification	C:\Program Files\WinRAR\WinRAR.chm	winrar-x64-621.exe
File created	C:\Program Files\WinRAR\rarnew.dat	uninstall.exe
File opened for modification	C:\Program Files\WinRAR\Order.htm	winrar-x64-621.exe
File opened for modification	C:\Program Files\WinRAR\RarExtPackage.msix	winrar-x64-621.exe
File created	C:\Program Files\WinRAR\Resources.pri	winrar-x64-621.exe
File created	C:\Program Files\WinRAR\WinCon64.SFX	winrar-x64-621.exe
File created	C:\Program Files\WinRAR\WinRAR.chm	winrar-x64-621.exe
File created	C:\Program Files\WinRAR\Descript.ion	winrar-x64-621.exe
File opened for modification	C:\Program Files\WinRAR\Descript.ion	winrar-x64-621.exe
File opened for modification	C:\Program Files\WinRAR\Uninstall.lst	winrar-x64-621.exe
File opened for modification	C:\Program Files\WinRAR\WinRAR.exe	winrar-x64-621.exe
File opened for modification	C:\Program Files\WinRAR\WhatsNew.txt	winrar-x64-621.exe
File opened for modification	C:\Program Files\WinRAR\UnRAR.exe	winrar-x64-621.exe
File opened for modification	C:\Program Files\WinRAR\Zip.SFX	winrar-x64-621.exe
File created	C:\Program Files\WinRAR\ReadMe.txt	winrar-x64-621.exe
File created	C:\Program Files\WinRAR\RarFiles.lst	winrar-x64-621.exe
File created	C:\Program Files\WinRAR\RarExtPackage.msix	winrar-x64-621.exe
File opened for modification	C:\Program Files\WinRAR\License.txt	winrar-x64-621.exe
File created	C:\Program Files\WinRAR\Order.htm	winrar-x64-621.exe
File opened for modification	C:\Program Files\WinRAR\Rar.exe	winrar-x64-621.exe
File created	C:\Program Files\WinRAR\RarExt32.dll	winrar-x64-621.exe
File opened for modification	C:\Program Files\WinRAR\RarExtLogo.altform-unplated_targetsize-32.png	winrar-x64-621.exe
File created	C:\Program Files\WinRAR\__tmp_rar_sfx_access_check_240597171	winrar-x64-621.exe
File created	C:\Program Files\WinRAR\Uninstall.lst	winrar-x64-621.exe
File opened for modification	C:\Program Files\WinRAR\Uninstall.exe	winrar-x64-621.exe
File created	C:\Program Files\WinRAR\Default.SFX	winrar-x64-621.exe
File opened for modification	C:\Program Files\WinRAR\RarFiles.lst	winrar-x64-621.exe
File opened for modification	C:\Program Files\WinRAR\7zxa.dll	winrar-x64-621.exe
File created	C:\Program Files\WinRAR\RarExtLogo.altform-unplated_targetsize-32.png	winrar-x64-621.exe
File opened for modification	C:\Program Files\WinRAR	winrar-x64-621.exe
File created	C:\Program Files\WinRAR\Uninstall.exe	winrar-x64-621.exe
File created	C:\Program Files\WinRAR\7zxa.dll	winrar-x64-621.exe
File opened for modification	C:\Program Files\WinRAR\Default.SFX	winrar-x64-621.exe
File opened for modification	C:\Program Files\WinRAR\Zip64.SFX	winrar-x64-621.exe
File created	C:\Program Files\WinRAR\License.txt	winrar-x64-621.exe
File opened for modification	C:\Program Files\WinRAR\Rar.txt	winrar-x64-621.exe
File opened for modification	C:\Program Files\WinRAR\RarExt.dll	winrar-x64-621.exe
File opened for modification	C:\Program Files\WinRAR\WinCon64.SFX	winrar-x64-621.exe
File created	C:\Program Files\WinRAR\Zip.SFX	winrar-x64-621.exe
File created	C:\Program Files\WinRAR\UnRAR.exe	winrar-x64-621.exe
File created	C:\Program Files\WinRAR\WinRAR.exe	winrar-x64-621.exe
File created	C:\Program Files\WinRAR\Default64.SFX	winrar-x64-621.exe
File created	C:\Program Files\WinRAR\Rar.txt	winrar-x64-621.exe
File created	C:\Program Files\WinRAR\WhatsNew.txt	winrar-x64-621.exe
File opened for modification	C:\Program Files\WinRAR\RarExt32.dll	winrar-x64-621.exe
File created	C:\Program Files\WinRAR\Zip64.SFX	winrar-x64-621.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies Internet Explorer settings 1 TTPs 2 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	WinRAR.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	WinRAR.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133269431336860642"	chrome.exe

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR\DefaultIcon	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.001\ = "WinRAR"	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.r11\ = "WinRAR"	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR\shellex\PropertySheetHandlers\{B41DB860-8EE4-11D2-9906-E49FADC173CA}	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.ZIP\shellex\PropertySheetHandlers\{B41DB860-8EE4-11D2-9906-E49FADC173CA}\	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.cab	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.z	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shellex\DragDropHandlers\WinRAR32	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.r23	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.txz\ = "WinRAR"	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B41DB860-64E4-11D2-9906-E49FADC173CA}\InProcServer32	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.ZIP\shellex\PropertySheetHandlers\{B41DB860-64E4-11D2-9906-E49FADC173CA}\	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shellex\PropertySheetHandlers\{B41DB860-8EE4-11D2-9906-E49FADC173CA}	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.lha\ = "WinRAR"	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.cab\ = "WinRAR"	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.ZIP	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR\shellex\ContextMenuHandlers	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.r10\ = "WinRAR"	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shellex\DragDropHandlers\WinRAR	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.txz	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.ZIP\DefaultIcon\ = "C:\\Program Files\\WinRAR\\WinRAR.exe,0"	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.r28\ = "WinRAR"	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.bz\ = "WinRAR"	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.ZIP\shellex\DropHandler	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.r00	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.zip\ = "WinRAR.ZIP"	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.lzh	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\WinRAR32\ = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.7z\ = "WinRAR"	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.r08\ = "WinRAR"	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.lha	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\WinRAR32	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B41DB860-64E4-11D2-9906-E49FADC173CA}\InProcServer32\ThreadingModel = "Apartment"	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR\ = "WinRAR archive"	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.tgz	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.ZIP\shellex\ContextMenuHandlers	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.r16	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.r17	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.r22	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.xxe	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.bz2\ = "WinRAR"	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.REV\shell\open	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.r05\ = "WinRAR"	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.7z	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR\shell\open\command\ = "\"C:\\Program Files\\WinRAR\\WinRAR.exe\" \"%1\""	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR\shellex\PropertySheetHandlers	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.r12	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.lz	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR\shellex\PropertySheetHandlers\{B41DB860-8EE4-11D2-9906-E49FADC173CA}\	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shellex\PropertySheetHandlers\{B41DB860-64E4-11D2-9906-E49FADC173CA}	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.r06	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.r07	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.lz\ = "WinRAR"	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.ZIP\ = "WinRAR ZIP archive"	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B41DB860-8EE4-11D2-9906-E49FADC173CA}\InProcServer32\ThreadingModel = "Apartment"	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.ZIP\shellex	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.r15	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.xxe\ = "WinRAR"	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.xz\ = "WinRAR"	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.rev	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.ZIP\shellex\DropHandler\ = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.rar\ShellNew	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.zip	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.REV\shell\open\command\ = "\"C:\\Program Files\\WinRAR\\WinRAR.exe\" \"%1\""	uninstall.exe

Suspicious behavior: EnumeratesProcesses 7 IoCs

pid	Process
3096	chrome.exe
3096	chrome.exe
5128	AppLaunch.exe
5128	AppLaunch.exe
5128	AppLaunch.exe
5568	chrome.exe
5568	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2312	WinRAR.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 35 IoCs

pid	Process
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3096	chrome.exe
Token: SeCreatePagefilePrivilege	3096	chrome.exe
Token: SeShutdownPrivilege	3096	chrome.exe
Token: SeCreatePagefilePrivilege	3096	chrome.exe
Token: SeShutdownPrivilege	3096	chrome.exe
Token: SeCreatePagefilePrivilege	3096	chrome.exe
Token: SeShutdownPrivilege	3096	chrome.exe
Token: SeCreatePagefilePrivilege	3096	chrome.exe
Token: SeShutdownPrivilege	3096	chrome.exe
Token: SeCreatePagefilePrivilege	3096	chrome.exe
Token: SeShutdownPrivilege	3096	chrome.exe
Token: SeCreatePagefilePrivilege	3096	chrome.exe
Token: SeShutdownPrivilege	3096	chrome.exe
Token: SeCreatePagefilePrivilege	3096	chrome.exe
Token: SeShutdownPrivilege	3096	chrome.exe
Token: SeCreatePagefilePrivilege	3096	chrome.exe
Token: SeShutdownPrivilege	3096	chrome.exe
Token: SeCreatePagefilePrivilege	3096	chrome.exe
Token: SeShutdownPrivilege	3096	chrome.exe
Token: SeCreatePagefilePrivilege	3096	chrome.exe
Token: SeShutdownPrivilege	3096	chrome.exe
Token: SeCreatePagefilePrivilege	3096	chrome.exe
Token: SeShutdownPrivilege	3096	chrome.exe
Token: SeCreatePagefilePrivilege	3096	chrome.exe
Token: SeShutdownPrivilege	3096	chrome.exe
Token: SeCreatePagefilePrivilege	3096	chrome.exe
Token: SeShutdownPrivilege	3096	chrome.exe
Token: SeCreatePagefilePrivilege	3096	chrome.exe
Token: SeShutdownPrivilege	3096	chrome.exe
Token: SeCreatePagefilePrivilege	3096	chrome.exe
Token: SeShutdownPrivilege	3096	chrome.exe
Token: SeCreatePagefilePrivilege	3096	chrome.exe
Token: SeShutdownPrivilege	3096	chrome.exe
Token: SeCreatePagefilePrivilege	3096	chrome.exe
Token: SeShutdownPrivilege	3096	chrome.exe
Token: SeCreatePagefilePrivilege	3096	chrome.exe
Token: SeShutdownPrivilege	3096	chrome.exe
Token: SeCreatePagefilePrivilege	3096	chrome.exe
Token: SeShutdownPrivilege	3096	chrome.exe
Token: SeCreatePagefilePrivilege	3096	chrome.exe
Token: SeShutdownPrivilege	3096	chrome.exe
Token: SeCreatePagefilePrivilege	3096	chrome.exe
Token: SeShutdownPrivilege	3096	chrome.exe
Token: SeCreatePagefilePrivilege	3096	chrome.exe
Token: SeShutdownPrivilege	3096	chrome.exe
Token: SeCreatePagefilePrivilege	3096	chrome.exe
Token: SeShutdownPrivilege	3096	chrome.exe
Token: SeCreatePagefilePrivilege	3096	chrome.exe
Token: SeShutdownPrivilege	3096	chrome.exe
Token: SeCreatePagefilePrivilege	3096	chrome.exe
Token: SeShutdownPrivilege	3096	chrome.exe
Token: SeCreatePagefilePrivilege	3096	chrome.exe
Token: SeShutdownPrivilege	3096	chrome.exe
Token: SeCreatePagefilePrivilege	3096	chrome.exe
Token: SeShutdownPrivilege	3096	chrome.exe
Token: SeCreatePagefilePrivilege	3096	chrome.exe
Token: SeShutdownPrivilege	3096	chrome.exe
Token: SeCreatePagefilePrivilege	3096	chrome.exe
Token: SeShutdownPrivilege	3096	chrome.exe
Token: SeCreatePagefilePrivilege	3096	chrome.exe
Token: SeShutdownPrivilege	3096	chrome.exe
Token: SeCreatePagefilePrivilege	3096	chrome.exe
Token: SeShutdownPrivilege	3096	chrome.exe
Token: SeCreatePagefilePrivilege	3096	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe

Suspicious use of SendNotifyMessage 56 IoCs

pid	Process
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
3252	winrar-x64-621.exe
3252	winrar-x64-621.exe
3252	winrar-x64-621.exe
2068	uninstall.exe
2312	WinRAR.exe
2312	WinRAR.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3096 wrote to memory of 3676	3096	chrome.exe	66
PID 3096 wrote to memory of 3676	3096	chrome.exe	66
PID 3096 wrote to memory of 4112	3096	chrome.exe	69
PID 3096 wrote to memory of 4112	3096	chrome.exe	69
PID 3096 wrote to memory of 4112	3096	chrome.exe	69
PID 3096 wrote to memory of 4112	3096	chrome.exe	69
PID 3096 wrote to memory of 4112	3096	chrome.exe	69
PID 3096 wrote to memory of 4112	3096	chrome.exe	69
PID 3096 wrote to memory of 4112	3096	chrome.exe	69
PID 3096 wrote to memory of 4112	3096	chrome.exe	69
PID 3096 wrote to memory of 4112	3096	chrome.exe	69
PID 3096 wrote to memory of 4112	3096	chrome.exe	69
PID 3096 wrote to memory of 4112	3096	chrome.exe	69
PID 3096 wrote to memory of 4112	3096	chrome.exe	69
PID 3096 wrote to memory of 4112	3096	chrome.exe	69
PID 3096 wrote to memory of 4112	3096	chrome.exe	69
PID 3096 wrote to memory of 4112	3096	chrome.exe	69
PID 3096 wrote to memory of 4112	3096	chrome.exe	69
PID 3096 wrote to memory of 4112	3096	chrome.exe	69
PID 3096 wrote to memory of 4112	3096	chrome.exe	69
PID 3096 wrote to memory of 4112	3096	chrome.exe	69
PID 3096 wrote to memory of 4112	3096	chrome.exe	69
PID 3096 wrote to memory of 4112	3096	chrome.exe	69
PID 3096 wrote to memory of 4112	3096	chrome.exe	69
PID 3096 wrote to memory of 4112	3096	chrome.exe	69
PID 3096 wrote to memory of 4112	3096	chrome.exe	69
PID 3096 wrote to memory of 4112	3096	chrome.exe	69
PID 3096 wrote to memory of 4112	3096	chrome.exe	69
PID 3096 wrote to memory of 4112	3096	chrome.exe	69
PID 3096 wrote to memory of 4112	3096	chrome.exe	69
PID 3096 wrote to memory of 4112	3096	chrome.exe	69
PID 3096 wrote to memory of 4112	3096	chrome.exe	69
PID 3096 wrote to memory of 4112	3096	chrome.exe	69
PID 3096 wrote to memory of 4112	3096	chrome.exe	69
PID 3096 wrote to memory of 4112	3096	chrome.exe	69
PID 3096 wrote to memory of 4112	3096	chrome.exe	69
PID 3096 wrote to memory of 4112	3096	chrome.exe	69
PID 3096 wrote to memory of 4112	3096	chrome.exe	69
PID 3096 wrote to memory of 4112	3096	chrome.exe	69
PID 3096 wrote to memory of 4112	3096	chrome.exe	69
PID 3096 wrote to memory of 4116	3096	chrome.exe	68
PID 3096 wrote to memory of 4116	3096	chrome.exe	68
PID 3096 wrote to memory of 4584	3096	chrome.exe	70
PID 3096 wrote to memory of 4584	3096	chrome.exe	70
PID 3096 wrote to memory of 4584	3096	chrome.exe	70
PID 3096 wrote to memory of 4584	3096	chrome.exe	70
PID 3096 wrote to memory of 4584	3096	chrome.exe	70
PID 3096 wrote to memory of 4584	3096	chrome.exe	70
PID 3096 wrote to memory of 4584	3096	chrome.exe	70
PID 3096 wrote to memory of 4584	3096	chrome.exe	70
PID 3096 wrote to memory of 4584	3096	chrome.exe	70
PID 3096 wrote to memory of 4584	3096	chrome.exe	70
PID 3096 wrote to memory of 4584	3096	chrome.exe	70
PID 3096 wrote to memory of 4584	3096	chrome.exe	70
PID 3096 wrote to memory of 4584	3096	chrome.exe	70
PID 3096 wrote to memory of 4584	3096	chrome.exe	70
PID 3096 wrote to memory of 4584	3096	chrome.exe	70
PID 3096 wrote to memory of 4584	3096	chrome.exe	70
PID 3096 wrote to memory of 4584	3096	chrome.exe	70
PID 3096 wrote to memory of 4584	3096	chrome.exe	70
PID 3096 wrote to memory of 4584	3096	chrome.exe	70
PID 3096 wrote to memory of 4584	3096	chrome.exe	70
PID 3096 wrote to memory of 4584	3096	chrome.exe	70
PID 3096 wrote to memory of 4584	3096	chrome.exe	70

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://www.mediafire.com/file/4ij3y3jh270k13k/Synapse_X.rar/file
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3096
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffe8d7e9758,0x7ffe8d7e9768,0x7ffe8d7e9778
  2⤵
  PID:3676
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1828 --field-trial-handle=1712,i,9764966538623821236,14171095488776840177,131072 /prefetch:8
  2⤵
  PID:4116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1628 --field-trial-handle=1712,i,9764966538623821236,14171095488776840177,131072 /prefetch:2
  2⤵
  PID:4112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1676 --field-trial-handle=1712,i,9764966538623821236,14171095488776840177,131072 /prefetch:8
  2⤵
  PID:4584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2984 --field-trial-handle=1712,i,9764966538623821236,14171095488776840177,131072 /prefetch:1
  2⤵
  PID:1392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3028 --field-trial-handle=1712,i,9764966538623821236,14171095488776840177,131072 /prefetch:1
  2⤵
  PID:1244
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4760 --field-trial-handle=1712,i,9764966538623821236,14171095488776840177,131072 /prefetch:1
  2⤵
  PID:4448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4952 --field-trial-handle=1712,i,9764966538623821236,14171095488776840177,131072 /prefetch:1
  2⤵
  PID:5084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4740 --field-trial-handle=1712,i,9764966538623821236,14171095488776840177,131072 /prefetch:1
  2⤵
  PID:1344
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5924 --field-trial-handle=1712,i,9764966538623821236,14171095488776840177,131072 /prefetch:1
  2⤵
  PID:1084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=5484 --field-trial-handle=1712,i,9764966538623821236,14171095488776840177,131072 /prefetch:1
  2⤵
  PID:2960
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5300 --field-trial-handle=1712,i,9764966538623821236,14171095488776840177,131072 /prefetch:8
  2⤵
  PID:196
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=6260 --field-trial-handle=1712,i,9764966538623821236,14171095488776840177,131072 /prefetch:1
  2⤵
  PID:1836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=6504 --field-trial-handle=1712,i,9764966538623821236,14171095488776840177,131072 /prefetch:1
  2⤵
  PID:3720
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=6444 --field-trial-handle=1712,i,9764966538623821236,14171095488776840177,131072 /prefetch:1
  2⤵
  PID:1300
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=6720 --field-trial-handle=1712,i,9764966538623821236,14171095488776840177,131072 /prefetch:1
  2⤵
  PID:1424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=6952 --field-trial-handle=1712,i,9764966538623821236,14171095488776840177,131072 /prefetch:1
  2⤵
  PID:3792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6968 --field-trial-handle=1712,i,9764966538623821236,14171095488776840177,131072 /prefetch:8
  2⤵
  PID:3952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6200 --field-trial-handle=1712,i,9764966538623821236,14171095488776840177,131072 /prefetch:8
  2⤵
  PID:4660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6564 --field-trial-handle=1712,i,9764966538623821236,14171095488776840177,131072 /prefetch:8
  2⤵
  PID:4480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=6600 --field-trial-handle=1712,i,9764966538623821236,14171095488776840177,131072 /prefetch:1
  2⤵
  PID:2172
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=6648 --field-trial-handle=1712,i,9764966538623821236,14171095488776840177,131072 /prefetch:1
  2⤵
  PID:1100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6812 --field-trial-handle=1712,i,9764966538623821236,14171095488776840177,131072 /prefetch:8
  2⤵
  PID:2884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6392 --field-trial-handle=1712,i,9764966538623821236,14171095488776840177,131072 /prefetch:8
  2⤵
  PID:3580
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=6800 --field-trial-handle=1712,i,9764966538623821236,14171095488776840177,131072 /prefetch:1
  2⤵
  PID:3432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=6908 --field-trial-handle=1712,i,9764966538623821236,14171095488776840177,131072 /prefetch:1
  2⤵
  PID:3612
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7192 --field-trial-handle=1712,i,9764966538623821236,14171095488776840177,131072 /prefetch:8
  2⤵
  PID:2328
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7328 --field-trial-handle=1712,i,9764966538623821236,14171095488776840177,131072 /prefetch:8
  2⤵
  PID:1536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=5232 --field-trial-handle=1712,i,9764966538623821236,14171095488776840177,131072 /prefetch:1
  2⤵
  PID:240
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=2352 --field-trial-handle=1712,i,9764966538623821236,14171095488776840177,131072 /prefetch:1
  2⤵
  PID:2392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=7000 --field-trial-handle=1712,i,9764966538623821236,14171095488776840177,131072 /prefetch:1
  2⤵
  PID:660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=6540 --field-trial-handle=1712,i,9764966538623821236,14171095488776840177,131072 /prefetch:1
  2⤵
  PID:3252
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=6400 --field-trial-handle=1712,i,9764966538623821236,14171095488776840177,131072 /prefetch:1
  2⤵
  PID:1792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=34 --mojo-platform-channel-handle=7440 --field-trial-handle=1712,i,9764966538623821236,14171095488776840177,131072 /prefetch:1
  2⤵
  PID:3804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=35 --mojo-platform-channel-handle=7476 --field-trial-handle=1712,i,9764966538623821236,14171095488776840177,131072 /prefetch:1
  2⤵
  PID:3620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7492 --field-trial-handle=1712,i,9764966538623821236,14171095488776840177,131072 /prefetch:8
  2⤵
  PID:3672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7540 --field-trial-handle=1712,i,9764966538623821236,14171095488776840177,131072 /prefetch:8
  2⤵
  PID:5096
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6572 --field-trial-handle=1712,i,9764966538623821236,14171095488776840177,131072 /prefetch:8
  2⤵
  PID:1084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7356 --field-trial-handle=1712,i,9764966538623821236,14171095488776840177,131072 /prefetch:8
  2⤵
  PID:3632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7416 --field-trial-handle=1712,i,9764966538623821236,14171095488776840177,131072 /prefetch:8
  2⤵
  PID:4500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6572 --field-trial-handle=1712,i,9764966538623821236,14171095488776840177,131072 /prefetch:8
  2⤵
  PID:4196
- C:\Users\Admin\Downloads\winrar-x64-621.exe
  "C:\Users\Admin\Downloads\winrar-x64-621.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - Suspicious use of SetWindowsHookEx
  PID:3252
- - C:\Program Files\WinRAR\uninstall.exe
    "C:\Program Files\WinRAR\uninstall.exe" /setup
    3⤵
    - Executes dropped EXE
    - Modifies system executable filetype association
    - Registers COM server for autorun
    - Drops file in Program Files directory
    - Modifies registry class
    - Suspicious use of SetWindowsHookEx
    PID:2068
- C:\Program Files\WinRAR\WinRAR.exe
  "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\Admin\Downloads\Synapse X.rar"
  2⤵
  - Executes dropped EXE
  - Modifies Internet Explorer settings
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  PID:2312
- - C:\Users\Admin\AppData\Local\Temp\Rar$EXb2312.10970\Synapse X\setup.exe
    "C:\Users\Admin\AppData\Local\Temp\Rar$EXb2312.10970\Synapse X\setup.exe"
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetThreadContext
    PID:6020
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
      "C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\AppLaunch.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:5128
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=42 --mojo-platform-channel-handle=5668 --field-trial-handle=1712,i,9764966538623821236,14171095488776840177,131072 /prefetch:1
  2⤵
  PID:4540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=43 --mojo-platform-channel-handle=7496 --field-trial-handle=1712,i,9764966538623821236,14171095488776840177,131072 /prefetch:1
  2⤵
  PID:992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=44 --mojo-platform-channel-handle=7416 --field-trial-handle=1712,i,9764966538623821236,14171095488776840177,131072 /prefetch:1
  2⤵
  PID:3264
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=45 --mojo-platform-channel-handle=6480 --field-trial-handle=1712,i,9764966538623821236,14171095488776840177,131072 /prefetch:1
  2⤵
  PID:4140
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=46 --mojo-platform-channel-handle=7812 --field-trial-handle=1712,i,9764966538623821236,14171095488776840177,131072 /prefetch:1
  2⤵
  PID:1256
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=47 --mojo-platform-channel-handle=5740 --field-trial-handle=1712,i,9764966538623821236,14171095488776840177,131072 /prefetch:1
  2⤵
  PID:1640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=48 --mojo-platform-channel-handle=7940 --field-trial-handle=1712,i,9764966538623821236,14171095488776840177,131072 /prefetch:1
  2⤵
  PID:1052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=49 --mojo-platform-channel-handle=8224 --field-trial-handle=1712,i,9764966538623821236,14171095488776840177,131072 /prefetch:1
  2⤵
  PID:4400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=50 --mojo-platform-channel-handle=7980 --field-trial-handle=1712,i,9764966538623821236,14171095488776840177,131072 /prefetch:1
  2⤵
  PID:4164
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=51 --mojo-platform-channel-handle=5688 --field-trial-handle=1712,i,9764966538623821236,14171095488776840177,131072 /prefetch:1
  2⤵
  PID:6028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=52 --mojo-platform-channel-handle=7472 --field-trial-handle=1712,i,9764966538623821236,14171095488776840177,131072 /prefetch:1
  2⤵
  PID:6048
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=53 --mojo-platform-channel-handle=7360 --field-trial-handle=1712,i,9764966538623821236,14171095488776840177,131072 /prefetch:1
  2⤵
  PID:6064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=7932 --field-trial-handle=1712,i,9764966538623821236,14171095488776840177,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5568

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2688

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1808

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Change Default File Association

T1042

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Credentials in Files

T1081

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\WinRAR\Rar.txt

Filesize
109KB

MD5
e51d9ff73c65b76ccd7cd09aeea99c3c

SHA1
d4789310e9b7a4628154f21af9803e88e89e9b1b

SHA256
7456f489100ec876062d68d152081167ac00d45194b17af4a8dd53680acfc9bd

SHA512
57ab82d4a95d3b5d181c0ec1a1a1de56a4d6c83af5644032ff3af71e9bd8e13051ae274609bda8b336d70a99f2fba17331773694d7e98d4a7635f7b59651b77c

Download Submit
C:\Program Files\WinRAR\Uninstall.exe

Filesize
437KB

MD5
cac9723066062383778f37e9d64fd94e

SHA1
1cd78fc041d733f7eacdd447371c9dec25c7ef2c

SHA256
e187e1119350caa3aec9d531989f60452d0198368f19cf65ffd2194a8a4003ad

SHA512
2b3dc50fb5006f1f3beec1774d0927a0533b49d20122e49a0b4b41840f83c494376c8e61da735aa58d27453c44450203d5c2bb4f03fdd37b648ee0f51f925c59

Download Submit
C:\Program Files\WinRAR\WhatsNew.txt

Filesize
103KB

MD5
4c88a040b31c4d144b44b0dc68fb2cc8

SHA1
bf473f5a5d3d8be6e5870a398212450580f8b37b

SHA256
6f1a005a0e5c765fcc68fe15f7ccd18667a6e583980e001ba7181aaaeed442b8

SHA512
e7f224a21d7c111b83775c778e6d9fa447e53809e0efd4f3ba99c7d6206036aa3dde9484248b244fb26789467559a40516c8e163d379e84dcf31ac84b4c5d2a8

Download Submit
C:\Program Files\WinRAR\WinRAR.chm

Filesize
317KB

MD5
381eae01a2241b8a4738b3c64649fbc0

SHA1
cc5944fde68ed622ebee2da9412534e5a44a7c9a

SHA256
ad58f39f5d429b5a3726c4a8ee5ccada86d24273eebf2f6072ad1fb61ea82d6e

SHA512
f7a8903ea38f2b62d6fa2cc755e0d972a14d00a2e1047e6e983902eff1d3a6bca98327c2b8ed47e46435d1156816e4b0d494726fce87b6cbe7722f5249889b88

Download Submit
C:\Program Files\WinRAR\WinRAR.exe

Filesize
2.4MB

MD5
46d15a70619d5e68415c8f22d5c81555

SHA1
12ec96e89b0fd38c469546042e30452b070e337f

SHA256
2e503ad5a9c800f2dac2fed2b3e8698d96d25b219ed86ed1a54896232cbe4781

SHA512
09446dc9d0c768844213f7f71ba65ee4e86b61d7a61610b63892d1b142952bdd346d14d27d878c026362e012e22fcb49c6746912d5e02db6b40223cafa6d01fb

Download Submit
C:\Program Files\WinRAR\WinRAR.exe

Filesize
2.4MB

MD5
46d15a70619d5e68415c8f22d5c81555

SHA1
12ec96e89b0fd38c469546042e30452b070e337f

SHA256
2e503ad5a9c800f2dac2fed2b3e8698d96d25b219ed86ed1a54896232cbe4781

SHA512
09446dc9d0c768844213f7f71ba65ee4e86b61d7a61610b63892d1b142952bdd346d14d27d878c026362e012e22fcb49c6746912d5e02db6b40223cafa6d01fb

Download Submit
C:\Program Files\WinRAR\uninstall.exe

Filesize
437KB

MD5
cac9723066062383778f37e9d64fd94e

SHA1
1cd78fc041d733f7eacdd447371c9dec25c7ef2c

SHA256
e187e1119350caa3aec9d531989f60452d0198368f19cf65ffd2194a8a4003ad

SHA512
2b3dc50fb5006f1f3beec1774d0927a0533b49d20122e49a0b4b41840f83c494376c8e61da735aa58d27453c44450203d5c2bb4f03fdd37b648ee0f51f925c59

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\9d448c8f-be98-4aaa-8b59-9fee1f6c9b2c.tmp

Filesize
114KB

MD5
e5e6317897f95b1b19d0041e66c1a51a

SHA1
18950558ae42623c566782a364b8ff0debe88b2c

SHA256
972af0fa0877c7c0cb37f7a97bc9eba70433e773c1697fbb320009e38d9b295a

SHA512
9e0376c4de2e72bd0a28db6d36c4195d74d39597aa9f49bb6965c66827a8650c36d696c769a1e8b503116474c18f66e34bfccddd6bac140bd96a1e320050febd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\4fe0a67e-6a95-4bd5-b400-aac79caa338c.tmp

Filesize
12KB

MD5
7548299f86d1266d2a2b02e8cae96a8d

SHA1
becd35f870bb1057e267a1e443afe586d4a576fe

SHA256
7cc3439cda005fd3024b6acbdcece90e0cac83cc74244a968c749242b8096d79

SHA512
923cdd3975fa35753946cb9b01323f4d3ba3c39f7524c3f6518828ce3fe847536d27024ecc2b7c076d12bdc87eb64aa01a178ef25d5750bd9822ffd0874ce501

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
16ff3de94ed705eb3c9654dba5c1355d

SHA1
796e4516b1931de3a3d9feeaa809be38e6436e23

SHA256
a8ef9103e359d81e6922f5ec81a084f1f01d1f088251ce6146c982ad1b480290

SHA512
52ab1e0ac3b87d50920cbbb2a917324c76bfa87d6dff070d82bd75bfe5ef1730abf8f3f101a7ad2cecf6811b94f83d5465e8c74f586b058eb2beb79c564a38ae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
80a902befcc6d36e51d216500ad25664

SHA1
e23d803b3ecf4c08d82df05d9321f76e6f557b36

SHA256
185362cb15b8bd10dfb8dfdb4cbc1ce34e6dd3dde204be89951999c16b9e7d47

SHA512
e4592c9ea787a11cfc6b8fae99d1c9d36df7da761ae3f1e2b493aaa16479a396e4347aadcf9fa74641280f3e2956090f1d5d2799e169b5165c057b44360a2e41

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies

Filesize
60KB

MD5
7747d5e9d5a894d35b5aedda1c9997eb

SHA1
7cd50a096393f2614ffcb8aed09024719b2986fa

SHA256
2ec3719dbced0740d53fba1ea553a04472b2d81177abeac0bd4bbf06879b5fb2

SHA512
432f500c34d45e4c55a7672398051e7559612ceb5eae114338c0b9ed003dcaead1d559a57b938da2f0eb7c5c11d15006cd9fb2ed15a34b4d0168814281fd566a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
11KB

MD5
7deeea480cb0e2f4b59e61cfd84edb4a

SHA1
da59d59ad7dfee4d2c996e2ae90dce9093e977c1

SHA256
7840de9e8ddd5050c47393229dcf159a79a68d33f0ef4234b810f6456c67f22b

SHA512
45ff94d134e1d3a7768b349e3e33cc204838b8cf65e71cda94148445d63fc15b68e35854738cff594fec2cd93b94700bb5e34110efdae8f8b4155874ee6f0612

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
12KB

MD5
965190a1f30f466dab26aea061679f5a

SHA1
6ef792d357a42d1a8e323db308c5125d4b2ab32e

SHA256
7a28aa63b1c127f354c50e073a48cf4803c5963e2692f34ea62758acf8c8bf4c

SHA512
cc4401d0ecdb763e85881c95747aea641a6e88435477c752c9dda77d6a613557be0ef9837b9acb67379b6bb06a4d768d51ea88864a8055763ba270e92019e051

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
5cdf1bdf4f2aa91fc77650deb31957e5

SHA1
e5a31e893f4d512e60ff32fb5c56333b35ff2d60

SHA256
b049c2608fefba391c2fe03b1dac3be39c71f652f3339bd2be12def81395b104

SHA512
f16bc3b75552e63fdd4c5fa86d13a282365b59e895bb06fd2c61242c8aadbc8aaa77cbf574ecd090c09500a85e052de5c8c755b614da453953045e0986d16acd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
4e6ac71af81715012ed1de554edb481c

SHA1
a646662bcf5d318c5b5bf6b5454cebc290bb64ca

SHA256
0014f8475dcba95b97a76464d97f69d2943b4186e6598d13229e9d5c2bf770b6

SHA512
e03b9586c8219e34ccf03e706e36ddce093a8ec48124f8e07b80495e9190f972bf682cc6aa462c6801accea8c46557a90aa69340362038293944e2bb8b0ea5f0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
e493eb375eb007eeac45b81c26392901

SHA1
1eb4bfcc8831435baefc23f3671379947400503e

SHA256
5f880f807240d711ee6998ae8b1f28996d0d04a542b3913d73dd0fbafd35b69c

SHA512
c1a9e25d5f0cbf589fbfdf2ff08ae850ef7efcf2dfba7cdf206c8dcb34cce47ae2be9ab6abfdc054c17400b0c412ec6b7d38ae6043bf4738dff66e3e3abc2567

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
059d3100545833b22f7d439ce3364dc2

SHA1
0a802c794e49b861fff4db0a3e9a92bae8fa27ab

SHA256
7b8ba1fe1138567ffbf75cfb3b480cb6f5f529ff389f0e35f913fd2973ccd73c

SHA512
039025d1a0edf0bb1b138c5619664a16ab980cfb0e138b7a7403f3e79b764ca8110f687c17c0f92857cd6d99fae5b4bf8ccc9ae518b0396802604c90d014d89e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
d696a384e678194fd7bfb82e164a2c4e

SHA1
055fa1d2964fd14a025e1e40abd9dd94671173a8

SHA256
f597552bab0c9ccc0636a435d01ce037dc8e8e8200eed5b097bbe848ae08bb91

SHA512
f24e92f9578d4d910e22fcf23c8134c692fc33cea631f1eb5a1258a3fccd6ea1ebd0df02be9280eb6448c2fd6d4a12993cc12eb3c54d4eb2cdf22f66f1e8acd4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
c9f69c84c17300366d1e31ce86a97853

SHA1
95f78841ad0fc6f9b75f9f38c92ac99c2b9e3596

SHA256
37f8439a90b14021605ad07b5f7b95c190b7a5ddf72e22c4280a77acd42e517a

SHA512
9852731c476c71376be2f7c640356c7382e89e158a5f2321a2f7431cb0ccc4032a9312ae01c143f0e1166f9eeb70f07ded1e2190488770ca2c0cdc59765a52c8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\dde9556b-605e-4b2b-a772-0288d6d8af44.tmp

Filesize
3KB

MD5
6230c650ba105b55c5dd385b37c827a2

SHA1
8aa100104a2757107a365128bd77e3a787747d0b

SHA256
758cb3444bde0fa77e82ba5474b3e83481187f6ffa7532c1fa062a235c36b28a

SHA512
82475e4558830fd3ee51ed47d6d1bf4dd13b4afc1709365987ab5cd9cd59bb6c2bd9ac9296d0bb27f6e5b68c3acc8779fccc1fc405e3ef7e1fe65f8f90d51bb7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
e97f7b0704466da9bebdb2fa9cea3a36

SHA1
0350bd54d9020d6e1a05b58cc4c8ce3b86053f6f

SHA256
64b24b68a01cd5ed3abdfa24d0bf8494eeca47561b03b6127f91d7dcdb6e5dfc

SHA512
210130f382bcc24e316f96657fe2c38d91ef648f083041d196df0e2799a993cf1a3ca1590529896fc30eb90f6c7a2718417777e5000195edaa4b151f67c343f3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
1489e67c3f81b4cf51796ee243da9b1f

SHA1
f4ca565782b49516aff102c3e6ab1ed5ace521c1

SHA256
4407f30eb824749cbff359c4709099de49a5ed383fc283b10e4457cc0fd894f4

SHA512
a52e485262775c9c73a27394fcb5977b34ea5b8057b2b15affe54c1c46923c2d0c3698f65b92a060606fcf686df8aed5df9d239c5b87103b55d2284b0664b7b4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
ac76d196743a0f0b8e3b800610c9f68f

SHA1
74d2b3f2c995db8567b8d05f2cad00c03e867abd

SHA256
531f7af3460854d58ac5f7151f81f5cdb2012824974f07a7d8fbafd3d021a52e

SHA512
2900cfe87f8f654aab2aaf719b688e2637a5ea373747761eafcf0e41bbc1886aa371b7bad4687579b4f0ce064c6f2744edc84b13a0c08cc95f209d5e031896ec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
5367081b8888807e349702ef32dbc7c1

SHA1
e6f136928311cd893706b28293fea683293e30ec

SHA256
5ad62fe411d58d6550762a77b65b889d30ee4bb7fa1cf970787bf75e3ba19574

SHA512
7a7ad1901ebbfc27be0b8436537a769f8d5ee63159df57480c773ec823e87b1d40306f0c7af725bf165842090d20e6270f206e02218395f75db0129e37b1b0a1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
200KB

MD5
e1b5e93828e6b1ffed8002b1fa130abe

SHA1
117b5482ba94b7bfe4b22fb9971c7fe3ccab299d

SHA256
64ad5c2974f8c64314af5de8639f9f3896848cdfff02ca3e29b0ede44c07483e

SHA512
888802898b140d8dbc2a2ec3bf979189ae1183c8e8a724d1b6c6e5ee0233c7ff7e1a649cc0dcedc5835dc0103cf5b52303865beab0f724cc8bc2899af0fdb74f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
200KB

MD5
e1b5e93828e6b1ffed8002b1fa130abe

SHA1
117b5482ba94b7bfe4b22fb9971c7fe3ccab299d

SHA256
64ad5c2974f8c64314af5de8639f9f3896848cdfff02ca3e29b0ede44c07483e

SHA512
888802898b140d8dbc2a2ec3bf979189ae1183c8e8a724d1b6c6e5ee0233c7ff7e1a649cc0dcedc5835dc0103cf5b52303865beab0f724cc8bc2899af0fdb74f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
200KB

MD5
ecc3c2dce523d0b173d824dd0252044e

SHA1
3e9440446d3fca83582165da33c859141d4ea4f8

SHA256
62f9ce777e521d546b64296f858e3e5a1e91babb730e77d208ac46a84fff9d56

SHA512
5cc6b248e0ddfb516fff6fa8ee01cba950b6918574453ab37ee46445644d1ba2b4c6b9d70aaf0a90aa576613ae37156621ade9cf2ee1d1cd6491045832811a3b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe574cb8.TMP

Filesize
107KB

MD5
0c57b52501a8cc1b56e6a2ec93f4d1ee

SHA1
a9aeb113426b248beebe5d9dbc1aa521d0442cde

SHA256
1494291cf65a6bc361656646c2125fab46deae1d0fc54c846d0085c9c959d539

SHA512
5e8b58a1b399e83d105a15883d2ddbc041f28123a56494970685383699d99d78eaa439047f8432a442993c2b7d59b813dc0d010c21c5e4c7d2de3705adf7d7e0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Rar$EXb2312.10970\Synapse X\setup.exe

Filesize
314KB

MD5
f45ad590a0eb5fc6456ae08016dff869

SHA1
ceb94ec6770cbe17e123b21ec74c88288e8cdf2f

SHA256
bda0fe15ad675bfcb021ffa1cecac1a8bf8e1ff810cbae521335e583896b615a

SHA512
4db0e4bf7d37db0ca9c04e25c30005ed26fde547f6c38271eace7c6a429c1e6475094032b9d2d0fa81ae59ba7ce08ef45d9ea5a333d97baac9edafb846b023b1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Rar$EXb2312.10970\Synapse X\setup.exe

Filesize
314KB

MD5
f45ad590a0eb5fc6456ae08016dff869

SHA1
ceb94ec6770cbe17e123b21ec74c88288e8cdf2f

SHA256
bda0fe15ad675bfcb021ffa1cecac1a8bf8e1ff810cbae521335e583896b615a

SHA512
4db0e4bf7d37db0ca9c04e25c30005ed26fde547f6c38271eace7c6a429c1e6475094032b9d2d0fa81ae59ba7ce08ef45d9ea5a333d97baac9edafb846b023b1

Download Submit
C:\Users\Admin\Downloads\Synapse X.rar

Filesize
1.7MB

MD5
8e8486358c9a082456e82cb576f0e661

SHA1
6820aced3616374a1a42616a29dc7a4b89076fed

SHA256
e210af888f73ab151caed15e348e36855a756da8766a6c1e7d54b69e36cadb33

SHA512
bf40dc864850ed17796f873ca6f46d27436020a496026e8c4ab12d821008498962df80e776e7f68188d9e0b1f4d0bf6fa8960753cdde802f98bbda2ee8b3f337

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 265955.crdownload

Filesize
3.2MB

MD5
8d2c4844c9c32005a552d539ec8683be

SHA1
cc28ce9160783d95f8ba1bf033c702dd8b8ca714

SHA256
ec044477e50cc4d247eb576eb43e6b91feaa7651aed74d4411d3d3a9d63d7634

SHA512
bcb108886ed766cc34d1b6fd6b49c954803584fbd5773caba95e0c04fe303e8157d5dec85a4f096111effb08c8b746a3921db9e806659fcd0ca20303eece94a2

Download Submit
C:\Users\Admin\Downloads\winrar-x64-621.exe

Filesize
3.4MB

MD5
766ac70b840c029689d3c065712cf46e

SHA1
e54f4628076d81b36de97b01c098a2e7ba123663

SHA256
06d6ecc5f9d88636b0bac62218c296bfa1b2222f734c9cbed5575bd9f634e219

SHA512
49064dc2c30eecd7320a6431abfee49d250ea7cda5e8ae630d2c55325f5bdf338355ae8d7a3246b4036afce5c100b8b30599baf19ab64d20190392d2d9a28608

Download Submit
C:\Users\Admin\Downloads\winrar-x64-621.exe

Filesize
3.4MB

MD5
766ac70b840c029689d3c065712cf46e

SHA1
e54f4628076d81b36de97b01c098a2e7ba123663

SHA256
06d6ecc5f9d88636b0bac62218c296bfa1b2222f734c9cbed5575bd9f634e219

SHA512
49064dc2c30eecd7320a6431abfee49d250ea7cda5e8ae630d2c55325f5bdf338355ae8d7a3246b4036afce5c100b8b30599baf19ab64d20190392d2d9a28608

Download Submit
memory/5128-736-0x000000000C250000-0x000000000C856000-memory.dmp

Filesize
6.0MB

Download
memory/5128-740-0x000000000BCA0000-0x000000000BCDE000-memory.dmp

Filesize
248KB

Download
memory/5128-747-0x000000000CC00000-0x000000000CC92000-memory.dmp

Filesize
584KB

Download
memory/5128-748-0x000000000D1A0000-0x000000000D69E000-memory.dmp

Filesize
5.0MB

Download
memory/5128-755-0x000000000CCA0000-0x000000000CD16000-memory.dmp

Filesize
472KB

Download
memory/5128-741-0x000000000BCE0000-0x000000000BD2B000-memory.dmp

Filesize
300KB

Download
memory/5128-757-0x000000000CEF0000-0x000000000D0B2000-memory.dmp

Filesize
1.8MB

Download
memory/5128-746-0x000000000C010000-0x000000000C076000-memory.dmp

Filesize
408KB

Download
memory/5128-767-0x000000000DBD0000-0x000000000E0FC000-memory.dmp

Filesize
5.2MB

Download
memory/5128-768-0x000000000CDF0000-0x000000000CE0E000-memory.dmp

Filesize
120KB

Download
memory/5128-739-0x000000000BF90000-0x000000000BFA0000-memory.dmp

Filesize
64KB

Download
memory/5128-770-0x000000000CE90000-0x000000000CEE0000-memory.dmp

Filesize
320KB

Download
memory/5128-1065-0x000000000BF90000-0x000000000BFA0000-memory.dmp

Filesize
64KB

Download
memory/5128-738-0x000000000BD70000-0x000000000BE7A000-memory.dmp

Filesize
1.0MB

Download
memory/5128-737-0x000000000BC40000-0x000000000BC52000-memory.dmp

Filesize
72KB

Download
memory/5128-728-0x0000000000400000-0x0000000000428000-memory.dmp

Filesize
160KB

Download