cabfd35270bff1aa725ff1f06aa941a487f9cc9047db2f99b68459d8a9bd8668

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
06/08/2024, 00:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Synapse X.exe
Size

638KB
MD5

2e620ee17a3eff8d2762e17303a708a8
SHA1

4bb549d5be0ee45a4302ef6abe82d4774231ed79
SHA256

cabfd35270bff1aa725ff1f06aa941a487f9cc9047db2f99b68459d8a9bd8668
SHA512

417fac9d238baee19b69ff16fb44e6b3edf6901198175c4bd4b95200db7b0c27af0107ae027a16cc7f6bac2baf56dace55ba9c0952553e41096372339a345850
SSDEEP

6144:gD9rCdBnt1ZZPbhWeXfk9CBnt1ZZPbhWeXf6eB25ZntS:gBrC3nt1ZZPbhWok4nt1ZZPbhWovc

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1408	3872	WerFault.exe	82

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Synapse X.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Synapse X.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133673761478570377"	chrome.exe

Modifies registry class 27 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell	Synapse X.exe
Key created	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0	Synapse X.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0\0\0\0 = 5a0031000000000006597900100053796e61707365580000420009000400efbe06597900065979002e0000002834020000000800000000000000000000000000000006862900530079006e0061007000730065005800000018000000	Synapse X.exe
Key created	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	Synapse X.exe
Key created	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0\0	Synapse X.exe
Key created	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1	Synapse X.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0\0\0\MRUListEx = 00000000ffffffff	Synapse X.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0\0\0\0\MRUListEx = 00000000ffffffff	Synapse X.exe
Key created	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	Synapse X.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell\SniffedFolderType = "Generic"	Synapse X.exe
Key created	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	Synapse X.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0100000000000000ffffffff	Synapse X.exe
Key created	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0\0\0\0	Synapse X.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202020202	Synapse X.exe
Key created	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5	Synapse X.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	Synapse X.exe
Key created	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000_Classes\WOW6432Node\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	Synapse X.exe
Key created	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000_Classes\Local Settings	Synapse X.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = 0100000000000000ffffffff	Synapse X.exe
Key created	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1	Synapse X.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0\0\0\0\0 = 56003100000000000659790010007363726970747300400009000400efbe06597900065979002e000000d03402000000070000000000000000000000000000001a0252007300630072006900700074007300000016000000	Synapse X.exe
Key created	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0\0\0\0\0	Synapse X.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0\0\0\0\0\NodeSlot = "5"	Synapse X.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0\0\0\0\0\MRUListEx = ffffffff	Synapse X.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02020202	Synapse X.exe
Key created	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0\0\0	Synapse X.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1628	chrome.exe
1628	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeManageVolumePrivilege	3764	svchost.exe
Token: SeShutdownPrivilege	1628	chrome.exe
Token: SeCreatePagefilePrivilege	1628	chrome.exe
Token: SeShutdownPrivilege	1628	chrome.exe
Token: SeCreatePagefilePrivilege	1628	chrome.exe
Token: SeShutdownPrivilege	1628	chrome.exe
Token: SeCreatePagefilePrivilege	1628	chrome.exe
Token: SeShutdownPrivilege	1628	chrome.exe
Token: SeCreatePagefilePrivilege	1628	chrome.exe
Token: SeShutdownPrivilege	1628	chrome.exe
Token: SeCreatePagefilePrivilege	1628	chrome.exe
Token: SeShutdownPrivilege	1628	chrome.exe
Token: SeCreatePagefilePrivilege	1628	chrome.exe
Token: SeShutdownPrivilege	1628	chrome.exe
Token: SeCreatePagefilePrivilege	1628	chrome.exe
Token: SeShutdownPrivilege	1628	chrome.exe
Token: SeCreatePagefilePrivilege	1628	chrome.exe
Token: SeShutdownPrivilege	1628	chrome.exe
Token: SeCreatePagefilePrivilege	1628	chrome.exe
Token: SeShutdownPrivilege	1628	chrome.exe
Token: SeCreatePagefilePrivilege	1628	chrome.exe
Token: SeShutdownPrivilege	1628	chrome.exe
Token: SeCreatePagefilePrivilege	1628	chrome.exe
Token: SeShutdownPrivilege	1628	chrome.exe
Token: SeCreatePagefilePrivilege	1628	chrome.exe
Token: SeShutdownPrivilege	1628	chrome.exe
Token: SeCreatePagefilePrivilege	1628	chrome.exe
Token: SeShutdownPrivilege	1628	chrome.exe
Token: SeCreatePagefilePrivilege	1628	chrome.exe
Token: SeShutdownPrivilege	1628	chrome.exe
Token: SeCreatePagefilePrivilege	1628	chrome.exe
Token: SeShutdownPrivilege	1628	chrome.exe
Token: SeCreatePagefilePrivilege	1628	chrome.exe
Token: SeShutdownPrivilege	1628	chrome.exe
Token: SeCreatePagefilePrivilege	1628	chrome.exe
Token: SeShutdownPrivilege	1628	chrome.exe
Token: SeCreatePagefilePrivilege	1628	chrome.exe
Token: SeShutdownPrivilege	1628	chrome.exe
Token: SeCreatePagefilePrivilege	1628	chrome.exe
Token: SeShutdownPrivilege	1628	chrome.exe
Token: SeCreatePagefilePrivilege	1628	chrome.exe
Token: SeShutdownPrivilege	1628	chrome.exe
Token: SeCreatePagefilePrivilege	1628	chrome.exe
Token: SeShutdownPrivilege	1628	chrome.exe
Token: SeCreatePagefilePrivilege	1628	chrome.exe
Token: SeShutdownPrivilege	1628	chrome.exe
Token: SeCreatePagefilePrivilege	1628	chrome.exe
Token: SeShutdownPrivilege	1628	chrome.exe
Token: SeCreatePagefilePrivilege	1628	chrome.exe
Token: SeShutdownPrivilege	1628	chrome.exe
Token: SeCreatePagefilePrivilege	1628	chrome.exe
Token: SeShutdownPrivilege	1628	chrome.exe
Token: SeCreatePagefilePrivilege	1628	chrome.exe
Token: SeShutdownPrivilege	1628	chrome.exe
Token: SeCreatePagefilePrivilege	1628	chrome.exe
Token: SeShutdownPrivilege	1628	chrome.exe
Token: SeCreatePagefilePrivilege	1628	chrome.exe
Token: SeShutdownPrivilege	1628	chrome.exe
Token: SeCreatePagefilePrivilege	1628	chrome.exe
Token: SeShutdownPrivilege	1628	chrome.exe
Token: SeCreatePagefilePrivilege	1628	chrome.exe
Token: SeShutdownPrivilege	1628	chrome.exe
Token: SeCreatePagefilePrivilege	1628	chrome.exe
Token: SeShutdownPrivilege	1628	chrome.exe

Suspicious use of FindShellTrayWindow 39 IoCs

pid	Process
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4480	Synapse X.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1628 wrote to memory of 4880	1628	chrome.exe	105
PID 1628 wrote to memory of 4880	1628	chrome.exe	105
PID 1628 wrote to memory of 4632	1628	chrome.exe	106
PID 1628 wrote to memory of 4632	1628	chrome.exe	106
PID 1628 wrote to memory of 4632	1628	chrome.exe	106
PID 1628 wrote to memory of 4632	1628	chrome.exe	106
PID 1628 wrote to memory of 4632	1628	chrome.exe	106
PID 1628 wrote to memory of 4632	1628	chrome.exe	106
PID 1628 wrote to memory of 4632	1628	chrome.exe	106
PID 1628 wrote to memory of 4632	1628	chrome.exe	106
PID 1628 wrote to memory of 4632	1628	chrome.exe	106
PID 1628 wrote to memory of 4632	1628	chrome.exe	106
PID 1628 wrote to memory of 4632	1628	chrome.exe	106
PID 1628 wrote to memory of 4632	1628	chrome.exe	106
PID 1628 wrote to memory of 4632	1628	chrome.exe	106
PID 1628 wrote to memory of 4632	1628	chrome.exe	106
PID 1628 wrote to memory of 4632	1628	chrome.exe	106
PID 1628 wrote to memory of 4632	1628	chrome.exe	106
PID 1628 wrote to memory of 4632	1628	chrome.exe	106
PID 1628 wrote to memory of 4632	1628	chrome.exe	106
PID 1628 wrote to memory of 4632	1628	chrome.exe	106
PID 1628 wrote to memory of 4632	1628	chrome.exe	106
PID 1628 wrote to memory of 4632	1628	chrome.exe	106
PID 1628 wrote to memory of 4632	1628	chrome.exe	106
PID 1628 wrote to memory of 4632	1628	chrome.exe	106
PID 1628 wrote to memory of 4632	1628	chrome.exe	106
PID 1628 wrote to memory of 4632	1628	chrome.exe	106
PID 1628 wrote to memory of 4632	1628	chrome.exe	106
PID 1628 wrote to memory of 4632	1628	chrome.exe	106
PID 1628 wrote to memory of 4632	1628	chrome.exe	106
PID 1628 wrote to memory of 4632	1628	chrome.exe	106
PID 1628 wrote to memory of 4632	1628	chrome.exe	106
PID 1628 wrote to memory of 2908	1628	chrome.exe	107
PID 1628 wrote to memory of 2908	1628	chrome.exe	107
PID 1628 wrote to memory of 1932	1628	chrome.exe	108
PID 1628 wrote to memory of 1932	1628	chrome.exe	108
PID 1628 wrote to memory of 1932	1628	chrome.exe	108
PID 1628 wrote to memory of 1932	1628	chrome.exe	108
PID 1628 wrote to memory of 1932	1628	chrome.exe	108
PID 1628 wrote to memory of 1932	1628	chrome.exe	108
PID 1628 wrote to memory of 1932	1628	chrome.exe	108
PID 1628 wrote to memory of 1932	1628	chrome.exe	108
PID 1628 wrote to memory of 1932	1628	chrome.exe	108
PID 1628 wrote to memory of 1932	1628	chrome.exe	108
PID 1628 wrote to memory of 1932	1628	chrome.exe	108
PID 1628 wrote to memory of 1932	1628	chrome.exe	108
PID 1628 wrote to memory of 1932	1628	chrome.exe	108
PID 1628 wrote to memory of 1932	1628	chrome.exe	108
PID 1628 wrote to memory of 1932	1628	chrome.exe	108
PID 1628 wrote to memory of 1932	1628	chrome.exe	108
PID 1628 wrote to memory of 1932	1628	chrome.exe	108
PID 1628 wrote to memory of 1932	1628	chrome.exe	108
PID 1628 wrote to memory of 1932	1628	chrome.exe	108
PID 1628 wrote to memory of 1932	1628	chrome.exe	108
PID 1628 wrote to memory of 1932	1628	chrome.exe	108
PID 1628 wrote to memory of 1932	1628	chrome.exe	108
PID 1628 wrote to memory of 1932	1628	chrome.exe	108
PID 1628 wrote to memory of 1932	1628	chrome.exe	108
PID 1628 wrote to memory of 1932	1628	chrome.exe	108
PID 1628 wrote to memory of 1932	1628	chrome.exe	108
PID 1628 wrote to memory of 1932	1628	chrome.exe	108
PID 1628 wrote to memory of 1932	1628	chrome.exe	108
PID 1628 wrote to memory of 1932	1628	chrome.exe	108
PID 1628 wrote to memory of 1932	1628	chrome.exe	108

C:\Users\Admin\AppData\Local\Temp\Synapse X.exe
"C:\Users\Admin\AppData\Local\Temp\Synapse X.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:3872
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3872 -s 1140
  2⤵
  - Program crash
  PID:1408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 412 -p 3872 -ip 3872
1⤵
PID:2424

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4692

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k UnistackSvcGroup
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3764

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffe1663cc40,0x7ffe1663cc4c,0x7ffe1663cc58
  2⤵
  PID:4880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2020,i,6782444980263741932,8936856844553312463,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=2016 /prefetch:2
  2⤵
  PID:4632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2092,i,6782444980263741932,8936856844553312463,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=2200 /prefetch:3
  2⤵
  PID:2908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2328,i,6782444980263741932,8936856844553312463,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=2316 /prefetch:8
  2⤵
  PID:1932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3188,i,6782444980263741932,8936856844553312463,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3208 /prefetch:1
  2⤵
  PID:868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3268,i,6782444980263741932,8936856844553312463,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3256 /prefetch:1
  2⤵
  PID:2256
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3904,i,6782444980263741932,8936856844553312463,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3920 /prefetch:1
  2⤵
  PID:4608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4864,i,6782444980263741932,8936856844553312463,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4872 /prefetch:8
  2⤵
  PID:3204
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4904,i,6782444980263741932,8936856844553312463,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4900 /prefetch:8
  2⤵
  PID:436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=1244,i,6782444980263741932,8936856844553312463,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5168 /prefetch:1
  2⤵
  PID:3728
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=4840,i,6782444980263741932,8936856844553312463,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4548 /prefetch:1
  2⤵
  PID:5052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5180,i,6782444980263741932,8936856844553312463,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4536 /prefetch:1
  2⤵
  PID:456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=5360,i,6782444980263741932,8936856844553312463,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3480 /prefetch:1
  2⤵
  PID:3004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3588,i,6782444980263741932,8936856844553312463,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3584 /prefetch:8
  2⤵
  PID:2596

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:4308

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:680

C:\Users\Admin\Downloads\SynapseX\Synapse X.exe
"C:\Users\Admin\Downloads\SynapseX\Synapse X.exe"
1⤵
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4480

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Comms\UnistoreDB\store.jfm

Filesize
16KB

MD5
0aded145dee3459ab2a6dc4fc2e01565

SHA1
a1972d0ad3d300958c67fad8ffcc424cb93cf7ba

SHA256
638fe765868ef0ab867c9c0842593a8c3d394c9ffe4a89e119b42a2e11f89afd

SHA512
fad3e329626ced3a6730e324dda46c903b642033e5b4e08a026dd2ebfc1c1b687159677cbaa34502155055dc63a94d113aa0b38e2af6ee7ce42d509116646211

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
d0dbbb2ab826c8b09ed17521b18d5686

SHA1
62311fa4e8ce779c6f1aae095cc762884f7e3b96

SHA256
62f902b4a8cc0e75007a4f421e40bec996a61a55237be144a808bdedfebf7e7f

SHA512
8093e3835a4fe2349a7c9a1816c23bfec6ed483b1db1bf531ae1ef531b05b93b899a361d05ed8001b703aebdc0b9326ff3b5ee21b36a6a951d435f58d9459a34

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
401cd8fc51b5a76c2af44a1506541ddd

SHA1
0f7209662ce5e940159c547ddf7480c6a8a969b2

SHA256
06ad62ef06002f77abd6d687543e8f10d82fb5e33e5a3b7926eb10040dfee08b

SHA512
29815c144f5b5599548c6d86c648a2fc9c4fc0a155c793ae8c048516595f535589d9be3a68afda445d9e8b168ff53151b28fa7e50b73318e319143795ab4ef10

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
138be76f43317461afafa6d645153497

SHA1
438a7ef0a71b9d0a843244846235b84e896ac434

SHA256
31b715fb37262223e722065d30685a547a94cbd9c9d36d2528d5f59d588e26d8

SHA512
04b30d9b5e7abfe73af42dfeb8b64fbc0c5dc68c636e9283ed94bd8217d56054e660892094164f173bc0070eb498f226e3309057e92b0461f1360efa3615cec5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
522B

MD5
7def4e947a8f576db8c3507cd6096afb

SHA1
7c1347e5b930a3626a1022d8113a1ec0009eae62

SHA256
6f449e759b393fee8d5a9b60b2da8cf1e9ab4f910917f7929782f7fb3006323f

SHA512
57b7804db83bf5f22aa0ec4cd04dcb5ba07359edb43f22b6e4cf6c84de40d5db589938e8274de4dbd897f9e40da125fefb4d3b4d6ea1a9d3f3e6b6a591da0421

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
a8f71c7df36c21e7879a31c82979bb7b

SHA1
62c39f4f7c0e4553b4750992cb411ad1088bb917

SHA256
9cdaaf34e0b07fa636f95013e7d04c4f7384bef6da40878138bbd8cc995f6299

SHA512
2e0259dbc4d5fa1549362a55cfedbd670897dcd04e4f8349e0429c551df7c842495cef4e55ebfc3feb6cbd1c5f59a874ec8d2862ff94ad22be857cc38d981eb9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
3b486cf8d37b62e50d7707778075cd8f

SHA1
7ab59dea89ef480e7836651da688c6f964e57838

SHA256
6a0a792de027438c6f85025057da62eee0b6216563de48307b128aa3210ebb0d

SHA512
7fc8eccc527bafb64e1af47ad3afeedcd5974796050b728c8caeba786c546c48e4646c77ea5e6d1b21eea1fcb4aa417904557d5b434b2b0d82692d9fc3eac763

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
509b8b798865c1dedace81c5fc878679

SHA1
db19d2d2a05c05a01b71d9830bfa2ec86d8ca54a

SHA256
c7462403a215444bd9ddd6042e68f60b0d3d5d23926f8e3c5a4804de85f38c29

SHA512
13a7f222b810cf8a5f416854b4ce31a7e6ea96f7a4b6c00105f62fa388c39264ce519451bd534c9a7b12724a485abc3eae4da33ef22a79481f418b33ef1c5a6b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
0503ab112011ba7299725f39e19d4335

SHA1
1c5531391591e79d98dd8985196f57c345156ba2

SHA256
6f1dfb1c62505a19e5c5bc9a13754978a406401bc4cbe3ef4f72de15b836ba15

SHA512
4350f5d38f217c1decf7c1038ee2c235efd9b948cadc3bea43115b541d518df5b4fa003fd4cab2c2d973cf6d678c8a3b8959d8adf2841f0f67e1b91fb785befa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
199f78461885ce842d4b6949e40d654e

SHA1
5a8258a099ce1136d75344c5a3779887c77550ee

SHA256
7babd8f60104b75da583c3581507ca9d10b1f94889286647b31eb9e20932b38f

SHA512
d48447820986595528bdf629a7050b89b98801b30b206aa143dcfc4151c7c8b6dfb03b577bb052b234a9c45f8d2f8ea248c53c68c7f63edbb59ee056b501cdd9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\aa42ecfb-a4d4-4262-bbc5-5d1d1cfbdef3.tmp

Filesize
9KB

MD5
1abf3258a4ebfc4390a081d0dbf7e005

SHA1
6932134dbf841f18b7959253ca7e98a5e1cb49fa

SHA256
76ade4a8fd8ec20b54de7e2f156dc7c5c92a3a1757fae527e7d00c0f934641e1

SHA512
97eff965452e3751f119143369cd9a8b3ac3a02ede6be5ec0e946aa705d877d6b510d9564d8df652e41f65a085620be27706de9df4bcf793a8980794b2b43f92

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
195KB

MD5
f6c5cdb4fe25bb5360c9c77688683577

SHA1
800bcde8df102b9a88cd0cb58166b4c4fead55a9

SHA256
b004dd855fc9891e93abe549bf7079c5ee1393178db11ac3cf7e3fd22157f3c2

SHA512
bfb0985fa9550946a10aec3c2934bf980987e5aeec900d5b6ad766d613dfbd9576e1128eba1db5f6dc71da077376974f286949dae8b3b5dfc710b65d034e28a7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
195KB

MD5
0de17ff732f18833c231e6b22e4108bf

SHA1
e4e5588055137574518e3de62a36d6ba5d64b95f

SHA256
92e41b896af15325afa7096b6229f13ec04d5510aebfb2a61e3f535bdc2373fc

SHA512
edbd2bdc0979613a498238d7791ecc86359f45ec7835485329429cff349bd28a5a34da147e57b8b5ed6b771fce93109a03d34bef7b20c3c09f2b33c84c73671e

Download Submit
memory/3764-41-0x0000021041470000-0x0000021041471000-memory.dmp

Filesize
4KB

Download
memory/3764-44-0x0000021041470000-0x0000021041471000-memory.dmp

Filesize
4KB

Download
memory/3764-47-0x0000021041470000-0x0000021041471000-memory.dmp

Filesize
4KB

Download
memory/3764-48-0x0000021041470000-0x0000021041471000-memory.dmp

Filesize
4KB

Download
memory/3764-49-0x0000021041470000-0x0000021041471000-memory.dmp

Filesize
4KB

Download
memory/3764-50-0x00000210410A0000-0x00000210410A1000-memory.dmp

Filesize
4KB

Download
memory/3764-51-0x0000021041090000-0x0000021041091000-memory.dmp

Filesize
4KB

Download
memory/3764-53-0x00000210410A0000-0x00000210410A1000-memory.dmp

Filesize
4KB

Download
memory/3764-56-0x0000021041090000-0x0000021041091000-memory.dmp

Filesize
4KB

Download
memory/3764-59-0x0000021040FD0000-0x0000021040FD1000-memory.dmp

Filesize
4KB

Download
memory/3764-45-0x0000021041470000-0x0000021041471000-memory.dmp

Filesize
4KB

Download
memory/3764-71-0x00000210411D0000-0x00000210411D1000-memory.dmp

Filesize
4KB

Download
memory/3764-73-0x00000210411E0000-0x00000210411E1000-memory.dmp

Filesize
4KB

Download
memory/3764-74-0x00000210411E0000-0x00000210411E1000-memory.dmp

Filesize
4KB

Download
memory/3764-75-0x00000210412F0000-0x00000210412F1000-memory.dmp

Filesize
4KB

Download
memory/3764-46-0x0000021041470000-0x0000021041471000-memory.dmp

Filesize
4KB

Download
memory/3764-43-0x0000021041470000-0x0000021041471000-memory.dmp

Filesize
4KB

Download
memory/3764-42-0x0000021041470000-0x0000021041471000-memory.dmp

Filesize
4KB

Download
memory/3764-7-0x0000021038D60000-0x0000021038D70000-memory.dmp

Filesize
64KB

Download
memory/3764-40-0x0000021041470000-0x0000021041471000-memory.dmp

Filesize
4KB

Download
memory/3764-39-0x0000021041450000-0x0000021041451000-memory.dmp

Filesize
4KB

Download
memory/3764-23-0x0000021038E60000-0x0000021038E70000-memory.dmp

Filesize
64KB

Download
memory/3872-0-0x00000000749CE000-0x00000000749CF000-memory.dmp

Filesize
4KB

Download
memory/3872-6-0x00000000749C0000-0x0000000075170000-memory.dmp

Filesize
7.7MB

Download
memory/3872-5-0x00000000749C0000-0x0000000075170000-memory.dmp

Filesize
7.7MB

Download
memory/3872-4-0x0000000005910000-0x000000000591A000-memory.dmp

Filesize
40KB

Download
memory/3872-3-0x0000000005990000-0x0000000005A22000-memory.dmp

Filesize
584KB

Download
memory/3872-2-0x0000000005F40000-0x00000000064E4000-memory.dmp

Filesize
5.6MB

Download
memory/3872-1-0x0000000000E90000-0x0000000000F36000-memory.dmp

Filesize
664KB

Download
memory/4480-228-0x0000000007B50000-0x0000000007BA8000-memory.dmp

Filesize
352KB

Download