119aaa6ef1675da84d3c30e6b95798373f19025565023fc47b2a5f9bf38b13a1

Resubmissions

06/08/2024, 17:18

240806-vvklzavdnl 7

06/08/2024, 17:17

240806-vtxj5sydng 8

Analysis

max time kernel
144s
max time network
151s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
06/08/2024, 17:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

net6.0-windows/Synapse Launcher.exe
Size

364KB
MD5

8e4bb833d6f9b8a1bdcc68afd172a3e1
SHA1

a5e4a61fa5208cf4b62f4184a4c54a9da4b4767a
SHA256

9461633b077bbac197bbb7328e04855ced2ef4da34d8b8a9a993ef3c9653222e
SHA512

a4973a187804a2181c94303b391d1608a3083bb7c019c9b4f83808ab78b7b9023997521435d0652a69f737763b6ba18204bed419c8b33cca566b920f374bdb8d
SSDEEP

3072:j8vbzyQ6Y1YXrbNK+3FNxacPEMk6VRQA9TWMKWzzY:jszAXNK+3FVBRQKTWM

Score

6^/10

discovery

Malware Config

Signatures

Network Share Discovery 1 TTPs
Attempt to gather information on host network.
discovery

Network Share Discovery
T1135

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedgewebview2.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedgewebview2.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedgewebview2.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1812	Synapse Launcher.exe
1812	Synapse Launcher.exe
4540	msedgewebview2.exe
4540	msedgewebview2.exe
4996	msedgewebview2.exe
4996	msedgewebview2.exe
2352	msedgewebview2.exe
2352	msedgewebview2.exe
2352	msedgewebview2.exe
2352	msedgewebview2.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 1 IoCs

pid	Process
2224	msedgewebview2.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1812	Synapse Launcher.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2224	msedgewebview2.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1812 wrote to memory of 2224	1812	Synapse Launcher.exe	83
PID 1812 wrote to memory of 2224	1812	Synapse Launcher.exe	83
PID 2224 wrote to memory of 400	2224	msedgewebview2.exe	84
PID 2224 wrote to memory of 400	2224	msedgewebview2.exe	84
PID 2224 wrote to memory of 1648	2224	msedgewebview2.exe	85
PID 2224 wrote to memory of 1648	2224	msedgewebview2.exe	85
PID 2224 wrote to memory of 1648	2224	msedgewebview2.exe	85
PID 2224 wrote to memory of 1648	2224	msedgewebview2.exe	85
PID 2224 wrote to memory of 1648	2224	msedgewebview2.exe	85
PID 2224 wrote to memory of 1648	2224	msedgewebview2.exe	85
PID 2224 wrote to memory of 1648	2224	msedgewebview2.exe	85
PID 2224 wrote to memory of 1648	2224	msedgewebview2.exe	85
PID 2224 wrote to memory of 1648	2224	msedgewebview2.exe	85
PID 2224 wrote to memory of 1648	2224	msedgewebview2.exe	85
PID 2224 wrote to memory of 1648	2224	msedgewebview2.exe	85
PID 2224 wrote to memory of 1648	2224	msedgewebview2.exe	85
PID 2224 wrote to memory of 1648	2224	msedgewebview2.exe	85
PID 2224 wrote to memory of 1648	2224	msedgewebview2.exe	85
PID 2224 wrote to memory of 1648	2224	msedgewebview2.exe	85
PID 2224 wrote to memory of 1648	2224	msedgewebview2.exe	85
PID 2224 wrote to memory of 1648	2224	msedgewebview2.exe	85
PID 2224 wrote to memory of 1648	2224	msedgewebview2.exe	85
PID 2224 wrote to memory of 1648	2224	msedgewebview2.exe	85
PID 2224 wrote to memory of 1648	2224	msedgewebview2.exe	85
PID 2224 wrote to memory of 1648	2224	msedgewebview2.exe	85
PID 2224 wrote to memory of 1648	2224	msedgewebview2.exe	85
PID 2224 wrote to memory of 1648	2224	msedgewebview2.exe	85
PID 2224 wrote to memory of 1648	2224	msedgewebview2.exe	85
PID 2224 wrote to memory of 1648	2224	msedgewebview2.exe	85
PID 2224 wrote to memory of 1648	2224	msedgewebview2.exe	85
PID 2224 wrote to memory of 1648	2224	msedgewebview2.exe	85
PID 2224 wrote to memory of 1648	2224	msedgewebview2.exe	85
PID 2224 wrote to memory of 1648	2224	msedgewebview2.exe	85
PID 2224 wrote to memory of 1648	2224	msedgewebview2.exe	85
PID 2224 wrote to memory of 1648	2224	msedgewebview2.exe	85
PID 2224 wrote to memory of 1648	2224	msedgewebview2.exe	85
PID 2224 wrote to memory of 1648	2224	msedgewebview2.exe	85
PID 2224 wrote to memory of 1648	2224	msedgewebview2.exe	85
PID 2224 wrote to memory of 1648	2224	msedgewebview2.exe	85
PID 2224 wrote to memory of 1648	2224	msedgewebview2.exe	85
PID 2224 wrote to memory of 1648	2224	msedgewebview2.exe	85
PID 2224 wrote to memory of 1648	2224	msedgewebview2.exe	85
PID 2224 wrote to memory of 1648	2224	msedgewebview2.exe	85
PID 2224 wrote to memory of 1648	2224	msedgewebview2.exe	85
PID 2224 wrote to memory of 4540	2224	msedgewebview2.exe	86
PID 2224 wrote to memory of 4540	2224	msedgewebview2.exe	86
PID 2224 wrote to memory of 2428	2224	msedgewebview2.exe	87
PID 2224 wrote to memory of 2428	2224	msedgewebview2.exe	87
PID 2224 wrote to memory of 2428	2224	msedgewebview2.exe	87
PID 2224 wrote to memory of 2428	2224	msedgewebview2.exe	87
PID 2224 wrote to memory of 2428	2224	msedgewebview2.exe	87
PID 2224 wrote to memory of 2428	2224	msedgewebview2.exe	87
PID 2224 wrote to memory of 2428	2224	msedgewebview2.exe	87
PID 2224 wrote to memory of 2428	2224	msedgewebview2.exe	87
PID 2224 wrote to memory of 2428	2224	msedgewebview2.exe	87
PID 2224 wrote to memory of 2428	2224	msedgewebview2.exe	87
PID 2224 wrote to memory of 2428	2224	msedgewebview2.exe	87
PID 2224 wrote to memory of 2428	2224	msedgewebview2.exe	87
PID 2224 wrote to memory of 2428	2224	msedgewebview2.exe	87
PID 2224 wrote to memory of 2428	2224	msedgewebview2.exe	87
PID 2224 wrote to memory of 2428	2224	msedgewebview2.exe	87
PID 2224 wrote to memory of 2428	2224	msedgewebview2.exe	87
PID 2224 wrote to memory of 2428	2224	msedgewebview2.exe	87
PID 2224 wrote to memory of 2428	2224	msedgewebview2.exe	87

C:\Users\Admin\AppData\Local\Temp\net6.0-windows\Synapse Launcher.exe
"C:\Users\Admin\AppData\Local\Temp\net6.0-windows\Synapse Launcher.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1812
- C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
  "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name="Synapse Launcher.exe" --webview-exe-version=0.0.0.0 --user-data-dir="C:\Users\Admin\AppData\Local\Temp\net6.0-windows\lib\WebView2Files\EBWebView" --no-default-browser-check --disable-component-extensions-with-background-pages --no-first-run --disable-default-apps --noerrdialogs --embedded-browser-webview-dpi-awareness=0 --disable-popup-blocking --internet-explorer-integration=none --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc" --mojo-named-platform-channel-pipe=1812.4496.1875330914742008759
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:2224
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Local\Temp\net6.0-windows\lib\WebView2Files\EBWebView /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Local\Temp\net6.0-windows\lib\WebView2Files\EBWebView\Crashpad --metrics-dir=C:\Users\Admin\AppData\Local\Temp\net6.0-windows\lib\WebView2Files\EBWebView --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=90.0.818.66 --initial-client-data=0x108,0x10c,0x110,0xe4,0x1b4,0x7ffb2ac73cb8,0x7ffb2ac73cc8,0x7ffb2ac73cd8
    3⤵
    PID:400
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=gpu-process --field-trial-handle=1880,7604875377481558269,15777678448675367768,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\net6.0-windows\lib\WebView2Files\EBWebView" --webview-exe-name="Synapse Launcher.exe" --webview-exe-version=0.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1832 /prefetch:2
    3⤵
    PID:1648
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1880,7604875377481558269,15777678448675367768,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\net6.0-windows\lib\WebView2Files\EBWebView" --webview-exe-name="Synapse Launcher.exe" --webview-exe-version=0.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --mojo-platform-channel-handle=2168 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4540
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1880,7604875377481558269,15777678448675367768,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --service-sandbox-type=utility --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\net6.0-windows\lib\WebView2Files\EBWebView" --webview-exe-name="Synapse Launcher.exe" --webview-exe-version=0.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --mojo-platform-channel-handle=2488 /prefetch:8
    3⤵
    PID:2428
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=renderer --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc" --field-trial-handle=1880,7604875377481558269,15777678448675367768,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\net6.0-windows\lib\WebView2Files\EBWebView" --webview-exe-name="Synapse Launcher.exe" --webview-exe-version=0.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3020 /prefetch:1
    3⤵
    PID:3612
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1880,7604875377481558269,15777678448675367768,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\net6.0-windows\lib\WebView2Files\EBWebView" --webview-exe-name="Synapse Launcher.exe" --webview-exe-version=0.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --mojo-platform-channel-handle=4396 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4996
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1880,7604875377481558269,15777678448675367768,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --service-sandbox-type=utility --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\net6.0-windows\lib\WebView2Files\EBWebView" --webview-exe-name="Synapse Launcher.exe" --webview-exe-version=0.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --mojo-platform-channel-handle=5040 /prefetch:8
    3⤵
    PID:1096
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=gpu-process --field-trial-handle=1880,7604875377481558269,15777678448675367768,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\net6.0-windows\lib\WebView2Files\EBWebView" --webview-exe-name="Synapse Launcher.exe" --webview-exe-version=0.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=4040 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2352
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1880,7604875377481558269,15777678448675367768,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --service-sandbox-type=utility --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\net6.0-windows\lib\WebView2Files\EBWebView" --webview-exe-name="Synapse Launcher.exe" --webview-exe-version=0.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --mojo-platform-channel-handle=1180 /prefetch:8
    3⤵
    PID:2552

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3764

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3336

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Share Discovery

T1135

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\net6.0-windows\lib\WebView2Files\EBWebView\Crashpad\settings.dat

Filesize
152B

MD5
e958b09c52365240fe7219a201c1a145

SHA1
4d62b5e48b6bd8dcb3388c76f95c5831b467365e

SHA256
cdd6fd80d202e354af644e8c9a933945f848a34a70ae972932d30af6cd452864

SHA512
2adf83397d3b9f9eac2c17e9df02a5588073c0d600b68afbe181fe62fc64086c39cd15184f92dbcb151a2a553e620078ca151de83de7b515a034cabcc4484bb4

Download Submit
C:\Users\Admin\AppData\Local\Temp\net6.0-windows\lib\WebView2Files\EBWebView\Crashpad\settings.dat

Filesize
152B

MD5
e390a09fab5ae40d440e6c26bf77da90

SHA1
1bf369f633d1be290d5f5c75f18b190a1a0b268b

SHA256
e30009b73645eaa6091db5342e342eb7fc5aa4818b97a92df627a2ce218ca52a

SHA512
4fa0e3ab62b0069847a9659a46d0d0e049bff0d129ba86684594fc021383359ab34f626fd077ddb67521ddb1de75bda1d810410c08b45ccac5001ad692ae3108

Download Submit
C:\Users\Admin\AppData\Local\Temp\net6.0-windows\lib\WebView2Files\EBWebView\Default\Network Persistent State

Filesize
772B

MD5
43468c67f1bb53620fa847eac50a9b65

SHA1
2c988809592f5995874ab9b84e3c7315d4030fef

SHA256
a3d8ad1cc5b7c410dd41ebcacdb556762797485a6f22ef640c4db37f5d528d59

SHA512
666e42cd8200debfc5d97a2d41e5c7c65408a7d8dd3038f1019faed116ecad7ae0c3d27caaca48a2381d08b4843388c7c9cdb496c105b1c568a2c9f6716b204d

Download Submit
C:\Users\Admin\AppData\Local\Temp\net6.0-windows\lib\WebView2Files\EBWebView\Default\Network Persistent State~RFe589843.TMP

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Local\Temp\net6.0-windows\lib\WebView2Files\EBWebView\Default\Preferences

Filesize
19KB

MD5
54de96f2cbacf676c09c6385e58cca56

SHA1
7ea95266c12315bfdd4a12ef11914b0928dffbe2

SHA256
814f865cd939f5957130936db2ef6a2138f4381cb4ab6fba6b84e6d1ebdfe19a

SHA512
8ba063f25c031c62e47f39cfe773e4a18543ae847827dc964d5dfd07488b185ab13e4b1948bb8a10fd7ccd305645bc0282b1b46bd25c4a5c1c0c9c1fdf3c846d

Download Submit
C:\Users\Admin\AppData\Local\Temp\net6.0-windows\lib\WebView2Files\EBWebView\Default\Secure Preferences

Filesize
9KB

MD5
2f8907f27cdd507869daf8b9ce597681

SHA1
147a760d7bfed9df537f07ca1302b93193aaddd7

SHA256
124f7943028addc60f384680f3c983bcb1351bc11248fd3ff97c2ceb69d4bf4f

SHA512
c4844bccd6f4e27bb692d1e4b918c1418525fbf27e259f3ca526d96e3b3cc11bcbed07b97b0c4ae5fa07ae3b60ef85f532eae3c1be520320cecbfb16ffc44ed9

Download Submit
C:\Users\Admin\AppData\Local\Temp\net6.0-windows\lib\WebView2Files\EBWebView\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Temp\net6.0-windows\lib\WebView2Files\EBWebView\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Temp\net6.0-windows\lib\WebView2Files\EBWebView\Local State

Filesize
23KB

MD5
85b10e29a8b3ccba421570ffb1b1e240

SHA1
9ac394a0c080c73267a22409665efd2762c6df23

SHA256
cab72cbb67af7dfd4e3fabee633cf01e3d43514fe156b4e7e61a367009c501fe

SHA512
0b827d76be877261ab1af7e42304f764873c0f70ebdb8ae028f15c86da3a21a7384f8080a8644eab6910ec69f57293603469346e8a7c75f9b6c38bcd117142c1

Download Submit
C:\Users\Admin\AppData\Local\Temp\net6.0-windows\lib\WebView2Files\EBWebView\Local State

Filesize
23KB

MD5
1a63ac8536a406767827aa0530949376

SHA1
cc5697d1296d204a752e3955ad072fb48cb211c4

SHA256
9ab251a634a9b002203db436000fe3a94a7d7a306a9e7152a8110b255321e98e

SHA512
73f343ab73b15c19234e9c76606829dae678fbcc76e3eea5a0ce72ead4e01b1c7fc638b393c11dc235c09e5a80a98815e5f2088581c322c2415e9c2211b37345

Download Submit
C:\Users\Admin\AppData\Local\Temp\net6.0-windows\lib\WebView2Files\EBWebView\Trust Protection Lists\1.0.0.26\Mu\Advertising

Filesize
24KB

MD5
131857baba78228374284295fcab3d66

SHA1
180e53e0f9f08745f28207d1f7b394455cf41543

SHA256
b1666e1b3d0b31e147dc047e0e1c528939a53b419c6be4c8278ee30a0a2dbd49

SHA512
c84c3794af8a3a80bb8415f18d003db502e8cb1d04b555f1a7eef8977c9f24e188ae28fc4d3223b52eab4046342b2f8fd0d7461130f3636609214a7b57f49cb4

Download Submit
C:\Users\Admin\AppData\Local\Temp\net6.0-windows\lib\WebView2Files\EBWebView\Trust Protection Lists\1.0.0.26\Mu\Analytics

Filesize
4KB

MD5
da298eacf42b8fd3bf54b5030976159b

SHA1
a976f4f5e2d81f80dc0e8a10595190f35e9d324b

SHA256
3abd2e1010e8824f200878942e0850d6e2620a2f0f15b87d32e2451fdda962ec

SHA512
5bf24c2df7cc12c91d1fb47802dbac283244c1010baa68bfae9eb5eb8ee25758156bb1e21f6cc3f55e7d71e5c330888ffd41469b2630eb86237c9970d7ede75e

Download Submit
C:\Users\Admin\AppData\Local\Temp\net6.0-windows\lib\WebView2Files\EBWebView\Trust Protection Lists\1.0.0.26\Mu\CompatExceptions

Filesize
689B

MD5
108de320dc5348d3b6af1f06a4374407

SHA1
90aa226d3c9d50cf4435ecdd2b8b0086d8edeb8b

SHA256
5b462316a51c918d0bae95959bf827cb9c72bbd84ffb0e43b750aa91fbf3ba53

SHA512
70f30c45e20b7cddd0cba6476af9338975cec8e40b8b19603af5fa859a34c6eb2138957daaa263633fe65213e2186402d05d9d29ad53e8f311335555116314c2

Download Submit
C:\Users\Admin\AppData\Local\Temp\net6.0-windows\lib\WebView2Files\EBWebView\Trust Protection Lists\1.0.0.26\Mu\Content

Filesize
6KB

MD5
97ea4c3bfaadcb4b176e18f536d8b925

SHA1
61f2eae05bf91d437da7a46a85cbaa13d5a7c7af

SHA256
72ec1479e9cc7f90cf969178451717966c844889b715dff05d745915904b9554

SHA512
5a82729fd2dce487d5f6ac0c34c077228bee5db55bf871d300fcbbd2333b1ee988d5f20ef4d8915d601bd9774e6fa782c8580edca24a100363c0cdce06e5503f

Download Submit
C:\Users\Admin\AppData\Local\Temp\net6.0-windows\lib\WebView2Files\EBWebView\Trust Protection Lists\1.0.0.26\Mu\Cryptomining

Filesize
1KB

MD5
16779f9f388a6dbefdcaa33c25db08f6

SHA1
d0bfd4788f04251f4f2ac42be198fb717e0046ae

SHA256
75ad2a4d85c1314632e3ac0679169ba92ef0a0f612f73a80fdd0bc186095b639

SHA512
abd55eff87b4445694b3119176007f71cf71c277f20ea6c4dcadfb027fdce78f7afbcf7a397bd61bd2fa4bc452e03087a9e0e8b9cc5092ec2a631c1ebb00ee25

Download Submit
C:\Users\Admin\AppData\Local\Temp\net6.0-windows\lib\WebView2Files\EBWebView\Trust Protection Lists\1.0.0.26\Mu\Entities

Filesize
68KB

MD5
571c13809cc4efaff6e0b650858b9744

SHA1
83e82a841f1565ad3c395cbc83cb5b0a1e83e132

SHA256
ab204851f39da725b5a73b040519c2e6aaf52cb7a537c75802cb25248d02ec1b

SHA512
93ff4625866abf7cd96324528df2f56ecb358235ff7e63438ac37460aeb406a5fb97084e104610bb1d7c2e8693cabedc6239b95449e9abb90252a353038cb2a2

Download Submit
C:\Users\Admin\AppData\Local\Temp\net6.0-windows\lib\WebView2Files\EBWebView\Trust Protection Lists\1.0.0.26\Mu\Fingerprinting

Filesize
1KB

MD5
b46196ad79c9ef6ddacc36b790350ca9

SHA1
3df9069231c232fe8571a4772eb832fbbe376c23

SHA256
a918dd0015bcd511782ea6f00eed35f77456944981de7fd268471f1d62c7eaa3

SHA512
61d6da8ee2ca07edc5d230bdcbc5302a2c6e3a9823e95ccfd3896d2e09a0027fece76f2c1ea54e8a8c4fa0e3cf885b35f3ff2e6208bf1d2a2757f2cbcdf01039

Download Submit
C:\Users\Admin\AppData\Local\Temp\net6.0-windows\lib\WebView2Files\EBWebView\Trust Protection Lists\1.0.0.26\Mu\Other

Filesize
34B

MD5
cd0395742b85e2b669eaec1d5f15b65b

SHA1
43c81d1c62fc7ff94f9364639c9a46a0747d122e

SHA256
2b4a47b82cbe70e34407c7df126a24007aff8b45d5716db384d27cc1f3b30707

SHA512
4df2ce734e2f7bc5f02bb7845ea801b57dcf649565dd94b1b71f578b453ba0a17c61ccee73e7cff8f23cdd6aa37e55be5cb15f4767ff88a9a06de3623604fbf0

Download Submit
C:\Users\Admin\AppData\Local\Temp\net6.0-windows\lib\WebView2Files\EBWebView\Trust Protection Lists\1.0.0.26\Mu\Social

Filesize
355B

MD5
4c817c4cb035841975c6738aa05742d9

SHA1
1d89da38b339cd9a1aadfc824ed8667018817d4e

SHA256
4358939a5a0b4d51335bf8f4adb43de2114b54f3596f9e9aacbdb3e52bef67e6

SHA512
fa8e1e8aa00bf83f16643bf6a22c63649402efe70f13cd289f51a6c1172f504fedd7b63fc595fb867ecb9d235b8a0ea032b03d861ebb145f0f6a7d5629df8486

Download Submit
C:\Users\Admin\AppData\Local\Temp\net6.0-windows\lib\WebView2Files\EBWebView\Trust Protection Lists\1.0.0.26\Sigma\Advertising

Filesize
2KB

MD5
326ddffc1f869b14073a979c0a34d34d

SHA1
df08e9d94ad0fad7cc7d2d815ee7d8b82ec26e63

SHA256
d4201efd37aec4552e7aa560a943b4a8d10d08af19895e6a70991577609146fb

SHA512
3822e64ca9cf23e50484afcc2222594b4b2c7cd8c4e411f557abea851ae7cbd57f10424c0c9d8b0b6a5435d6f28f3b124c5bc457a239f0a2f0caf433b01da83f

Download Submit
C:\Users\Admin\AppData\Local\Temp\net6.0-windows\lib\WebView2Files\EBWebView\Trust Protection Lists\1.0.0.26\Sigma\Analytics

Filesize
432B

MD5
01f1f3c305218510ccd9aaa42aee9850

SHA1
fbf3e681409d9fb4d36cba1f865b5995de79118c

SHA256
62d7286cd7f74bdfda830ee5a48bce735ee3661bda8ceac9903b5627cbd0b620

SHA512
e5b665e981f702a4a211d0569bb0bc42e3c29b76b3f75aaf8dc173f16f18f7c443f5cf0ccf1550df3aa2b151e607969c2c90ab1a6e7a910dfeb83854cea4e690

Download Submit
C:\Users\Admin\AppData\Local\Temp\net6.0-windows\lib\WebView2Files\EBWebView\Trust Protection Lists\1.0.0.26\Sigma\Content

Filesize
48B

MD5
7b0b4a9aafc18cf64f4d4daf365d2d8d

SHA1
e9ed1ecbec6cccfefe00f9718c93db3d66851494

SHA256
0b55eb3f97535752d3c1ef6cebe614b9b67dddfcfd3c709b84c6ecad6d105d43

SHA512
a579069b026ed2aaef0bd18c3573c77bfb5e0e989c37c64243b12ee4e59635aaa9d9c9746f82dcc16ca85f091ec4372c63e294c25e48dfffbed299567149c4e2

Download Submit
C:\Users\Admin\AppData\Local\Temp\net6.0-windows\lib\WebView2Files\EBWebView\Trust Protection Lists\1.0.0.26\Sigma\Cryptomining

Filesize
32B

MD5
4ec1eda0e8a06238ff5bf88569964d59

SHA1
a2e78944fcac34d89385487ccbbfa4d8f078d612

SHA256
696e930706b5d391eb8778f73b0627ffc2be7f6c9a3e7659170d9d37fc4a97b5

SHA512
c9b1ed7b61f26d94d7f5eded2d42d40f3e4300eee2319fe28e04b25cdb6dd92daf67828bff453bf5fc8d7b6ceb58cab319fc0daac9b0050e27a89efe74d2734e

Download Submit
C:\Users\Admin\AppData\Local\Temp\net6.0-windows\lib\WebView2Files\EBWebView\Trust Protection Lists\1.0.0.26\Sigma\Entities

Filesize
42KB

MD5
f446eb7054a356d9e803420c8ec41256

SHA1
98a1606a2ba882106177307ae11ec76cfb1a07ee

SHA256
4dc67d4b882621a93ffdb21a198a48a0bc491148c91208cf440af5f0de3ef640

SHA512
3cc3a521b297e4f48ed4ba29866a5ade380c9f0c06d85bea4140e24b05c6762d645df3d03d0a7058383b559baa3ae34ad3ed2b06017e91a061632862911a823b

Download Submit
C:\Users\Admin\AppData\Local\Temp\net6.0-windows\lib\WebView2Files\EBWebView\Trust Protection Lists\1.0.0.26\Sigma\Fingerprinting

Filesize
172B

MD5
3852430540e0356d1ba68f31be011533

SHA1
d3f622450bcf0ced36d9d9c0aad630ebccfcb7ff

SHA256
f1f413704c32a28a31a646f60cad36cc2da793e143f70eee72ae56f736df8054

SHA512
7a4faa493c141ea88d6cd933dfc0b50ef6d25983323db2b931c7512e039859d60c4935e56b771264ca72b45c035b1962ad8680d616eaaf04fbc5a6e0b674e435

Download Submit
C:\Users\Admin\AppData\Local\Temp\net6.0-windows\lib\WebView2Files\EBWebView\Trust Protection Lists\1.0.0.26\Sigma\Other

Filesize
91B

MD5
09cedaa60eab8c7d7644d81cf792fe76

SHA1
e68e199c88ea96fcb94b720f300f7098b65d1858

SHA256
c8505ea2fe1b8f81a1225e4214ad07d8d310705be26b3000d7df8234e0d1f975

SHA512
564f8e5c85208adabb4b10763084b800022bb6d6d74874102e2f49cc8f17899ce18570af1f462aa592a911e49086a2d1c2d750b601eedd2f61d1731689a0a403

Download Submit
C:\Users\Admin\AppData\Local\Temp\net6.0-windows\lib\WebView2Files\EBWebView\Trust Protection Lists\1.0.0.26\Sigma\Social

Filesize
3KB

MD5
318801ce3611c0d25c65b809dd9b5b3c

SHA1
b9d07f2aa9da1d83180dc24459093e20fe9cf1d8

SHA256
2458da5d79b393459520e1319937cfc39caadbc2294f175659fae5df804e1d03

SHA512
7daff0253da90f35bf00141b53d39c7cadacf451a7ecf1667c4ca6e8aed59a0c4a6b44ddc2afffa690e12c2134eddb9f46f72e4317ce99c307d9e524a5fd1103

Download Submit
C:\Users\Admin\AppData\Local\Temp\net6.0-windows\lib\WebView2Files\EBWebView\Trust Protection Lists\1.0.0.26\Sigma\Staging

Filesize
16KB

MD5
39bdf35ac4557a2d2a4efdeeb038723e

SHA1
9703ca8af3432b851cb5054036de32f8ba7b083f

SHA256
04441a10b0b1deee7996e298949ac3b029bd7c24257faf910fe14f9996ba12ae

SHA512
732337f7b955e6acaf1e3aaa3395bc44c80197d204bd3cbb3e201b6177af6153cc9d7b22ad0e90b36796f92b0022806c32ac763eaec733b234503890900bf284

Download Submit
memory/1096-187-0x00000150E3D00000-0x00000150E3E20000-memory.dmp

Filesize
1.1MB

Download
memory/1648-169-0x000001D2DC340000-0x000001D2DC460000-memory.dmp

Filesize
1.1MB

Download
memory/1648-148-0x000001D2DC340000-0x000001D2DC460000-memory.dmp

Filesize
1.1MB

Download
memory/1648-120-0x000001D2DC340000-0x000001D2DC460000-memory.dmp

Filesize
1.1MB

Download
memory/1648-275-0x000001D2DC340000-0x000001D2DC460000-memory.dmp

Filesize
1.1MB

Download
memory/1648-20-0x00007FFB4D1D0000-0x00007FFB4D1D1000-memory.dmp

Filesize
4KB

Download
memory/1648-103-0x000001D2DC340000-0x000001D2DC460000-memory.dmp

Filesize
1.1MB

Download
memory/1812-0-0x00007FFB3F5FB000-0x00007FFB3F5FC000-memory.dmp

Filesize
4KB

Download
memory/2428-104-0x00000287C4740000-0x00000287C4860000-memory.dmp

Filesize
1.1MB

Download
memory/2552-243-0x000001C924600000-0x000001C924720000-memory.dmp

Filesize
1.1MB

Download
memory/3612-107-0x00000260CDC50000-0x00000260CDD70000-memory.dmp

Filesize
1.1MB

Download