a729c3b177e3287ec6013424ea02ebf32484111b34ae0c1b1d43483147d7bd43

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
05-09-2024 13:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Swiftrix.exe
Size

9.1MB
MD5

c060fb9149029fb62e59dc54c4293000
SHA1

69f24a29f95b59b04dbe49dfb3d1f2699d1c8696
SHA256

a00590bac6cc46ae52a811de28985851d6af9496e0509b4d8bad66a2592ec32e
SHA512

527fe98c9c614a2c0bf4cc7ced1106c8c19cf7646dfb211c4fde16197398dddfce7f26ffa18081fd0b054c9da91bbbf80b96cbb091c8a5c7106c93a43ad36f33
SSDEEP

196608:VgLUED7Gu6DJieLayz4IK6eyTbp9Ek+lNKq:ufGlJT7nTbfKKq

Score

4^/10

discovery

Malware Config

Signatures

Drops file in Windows directory 3 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Fonts\Montserrat-Regular.ttf	Swiftrix.exe
File created	C:\Windows\Fonts\Montserrat-Bold.ttf	Swiftrix.exe
File created	C:\Windows\Fonts\Montserrat-Regular.ttf	Swiftrix.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133700171414997383"	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
456	msedge.exe
456	msedge.exe
4516	msedge.exe
4516	msedge.exe
2696	chrome.exe
2696	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
4516	msedge.exe
4516	msedge.exe
2696	chrome.exe
2696	chrome.exe
2696	chrome.exe
2696	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	3892	Swiftrix.exe
Token: 33	2364	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2364	AUDIODG.EXE
Token: SeShutdownPrivilege	2696	chrome.exe
Token: SeCreatePagefilePrivilege	2696	chrome.exe
Token: SeShutdownPrivilege	2696	chrome.exe
Token: SeCreatePagefilePrivilege	2696	chrome.exe
Token: SeShutdownPrivilege	2696	chrome.exe
Token: SeCreatePagefilePrivilege	2696	chrome.exe
Token: SeShutdownPrivilege	2696	chrome.exe
Token: SeCreatePagefilePrivilege	2696	chrome.exe
Token: SeShutdownPrivilege	2696	chrome.exe
Token: SeCreatePagefilePrivilege	2696	chrome.exe
Token: SeShutdownPrivilege	2696	chrome.exe
Token: SeCreatePagefilePrivilege	2696	chrome.exe
Token: SeShutdownPrivilege	2696	chrome.exe
Token: SeCreatePagefilePrivilege	2696	chrome.exe
Token: SeShutdownPrivilege	2696	chrome.exe
Token: SeCreatePagefilePrivilege	2696	chrome.exe
Token: SeShutdownPrivilege	2696	chrome.exe
Token: SeCreatePagefilePrivilege	2696	chrome.exe
Token: SeShutdownPrivilege	2696	chrome.exe
Token: SeCreatePagefilePrivilege	2696	chrome.exe
Token: SeShutdownPrivilege	2696	chrome.exe
Token: SeCreatePagefilePrivilege	2696	chrome.exe
Token: SeShutdownPrivilege	2696	chrome.exe
Token: SeCreatePagefilePrivilege	2696	chrome.exe
Token: SeShutdownPrivilege	2696	chrome.exe
Token: SeCreatePagefilePrivilege	2696	chrome.exe
Token: SeShutdownPrivilege	2696	chrome.exe
Token: SeCreatePagefilePrivilege	2696	chrome.exe
Token: SeShutdownPrivilege	2696	chrome.exe
Token: SeCreatePagefilePrivilege	2696	chrome.exe
Token: SeShutdownPrivilege	2696	chrome.exe
Token: SeCreatePagefilePrivilege	2696	chrome.exe
Token: SeShutdownPrivilege	2696	chrome.exe
Token: SeCreatePagefilePrivilege	2696	chrome.exe
Token: SeShutdownPrivilege	2696	chrome.exe
Token: SeCreatePagefilePrivilege	2696	chrome.exe
Token: SeShutdownPrivilege	2696	chrome.exe
Token: SeCreatePagefilePrivilege	2696	chrome.exe
Token: SeShutdownPrivilege	2696	chrome.exe
Token: SeCreatePagefilePrivilege	2696	chrome.exe
Token: SeShutdownPrivilege	2696	chrome.exe
Token: SeCreatePagefilePrivilege	2696	chrome.exe
Token: SeShutdownPrivilege	2696	chrome.exe
Token: SeCreatePagefilePrivilege	2696	chrome.exe
Token: SeShutdownPrivilege	2696	chrome.exe
Token: SeCreatePagefilePrivilege	2696	chrome.exe
Token: SeShutdownPrivilege	2696	chrome.exe
Token: SeCreatePagefilePrivilege	2696	chrome.exe
Token: SeShutdownPrivilege	2696	chrome.exe
Token: SeCreatePagefilePrivilege	2696	chrome.exe
Token: SeShutdownPrivilege	2696	chrome.exe
Token: SeCreatePagefilePrivilege	2696	chrome.exe
Token: SeShutdownPrivilege	2696	chrome.exe
Token: SeCreatePagefilePrivilege	2696	chrome.exe
Token: SeShutdownPrivilege	2696	chrome.exe
Token: SeCreatePagefilePrivilege	2696	chrome.exe
Token: SeShutdownPrivilege	2696	chrome.exe
Token: SeCreatePagefilePrivilege	2696	chrome.exe
Token: SeShutdownPrivilege	2696	chrome.exe
Token: SeCreatePagefilePrivilege	2696	chrome.exe
Token: SeShutdownPrivilege	2696	chrome.exe

Suspicious use of FindShellTrayWindow 52 IoCs

pid	Process
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
2696	chrome.exe
2696	chrome.exe
2696	chrome.exe
2696	chrome.exe
2696	chrome.exe
2696	chrome.exe
2696	chrome.exe
2696	chrome.exe
2696	chrome.exe
2696	chrome.exe
2696	chrome.exe
2696	chrome.exe
2696	chrome.exe
2696	chrome.exe
2696	chrome.exe
2696	chrome.exe
2696	chrome.exe
2696	chrome.exe
2696	chrome.exe
2696	chrome.exe
2696	chrome.exe
2696	chrome.exe
2696	chrome.exe
2696	chrome.exe
2696	chrome.exe
2696	chrome.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
2696	chrome.exe
2696	chrome.exe
2696	chrome.exe
2696	chrome.exe
2696	chrome.exe
2696	chrome.exe
2696	chrome.exe
2696	chrome.exe
2696	chrome.exe
2696	chrome.exe
2696	chrome.exe
2696	chrome.exe
2696	chrome.exe
2696	chrome.exe
2696	chrome.exe
2696	chrome.exe
2696	chrome.exe
2696	chrome.exe
2696	chrome.exe
2696	chrome.exe
2696	chrome.exe
2696	chrome.exe
2696	chrome.exe
2696	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3892 wrote to memory of 4516	3892	Swiftrix.exe	95
PID 3892 wrote to memory of 4516	3892	Swiftrix.exe	95
PID 4516 wrote to memory of 3276	4516	msedge.exe	96
PID 4516 wrote to memory of 3276	4516	msedge.exe	96
PID 4516 wrote to memory of 824	4516	msedge.exe	97
PID 4516 wrote to memory of 824	4516	msedge.exe	97
PID 4516 wrote to memory of 824	4516	msedge.exe	97
PID 4516 wrote to memory of 824	4516	msedge.exe	97
PID 4516 wrote to memory of 824	4516	msedge.exe	97
PID 4516 wrote to memory of 824	4516	msedge.exe	97
PID 4516 wrote to memory of 824	4516	msedge.exe	97
PID 4516 wrote to memory of 824	4516	msedge.exe	97
PID 4516 wrote to memory of 824	4516	msedge.exe	97
PID 4516 wrote to memory of 824	4516	msedge.exe	97
PID 4516 wrote to memory of 824	4516	msedge.exe	97
PID 4516 wrote to memory of 824	4516	msedge.exe	97
PID 4516 wrote to memory of 824	4516	msedge.exe	97
PID 4516 wrote to memory of 824	4516	msedge.exe	97
PID 4516 wrote to memory of 824	4516	msedge.exe	97
PID 4516 wrote to memory of 824	4516	msedge.exe	97
PID 4516 wrote to memory of 824	4516	msedge.exe	97
PID 4516 wrote to memory of 824	4516	msedge.exe	97
PID 4516 wrote to memory of 824	4516	msedge.exe	97
PID 4516 wrote to memory of 824	4516	msedge.exe	97
PID 4516 wrote to memory of 824	4516	msedge.exe	97
PID 4516 wrote to memory of 824	4516	msedge.exe	97
PID 4516 wrote to memory of 824	4516	msedge.exe	97
PID 4516 wrote to memory of 824	4516	msedge.exe	97
PID 4516 wrote to memory of 824	4516	msedge.exe	97
PID 4516 wrote to memory of 824	4516	msedge.exe	97
PID 4516 wrote to memory of 824	4516	msedge.exe	97
PID 4516 wrote to memory of 824	4516	msedge.exe	97
PID 4516 wrote to memory of 824	4516	msedge.exe	97
PID 4516 wrote to memory of 824	4516	msedge.exe	97
PID 4516 wrote to memory of 824	4516	msedge.exe	97
PID 4516 wrote to memory of 824	4516	msedge.exe	97
PID 4516 wrote to memory of 824	4516	msedge.exe	97
PID 4516 wrote to memory of 824	4516	msedge.exe	97
PID 4516 wrote to memory of 824	4516	msedge.exe	97
PID 4516 wrote to memory of 824	4516	msedge.exe	97
PID 4516 wrote to memory of 824	4516	msedge.exe	97
PID 4516 wrote to memory of 824	4516	msedge.exe	97
PID 4516 wrote to memory of 824	4516	msedge.exe	97
PID 4516 wrote to memory of 824	4516	msedge.exe	97
PID 4516 wrote to memory of 456	4516	msedge.exe	98
PID 4516 wrote to memory of 456	4516	msedge.exe	98
PID 4516 wrote to memory of 4664	4516	msedge.exe	99
PID 4516 wrote to memory of 4664	4516	msedge.exe	99
PID 4516 wrote to memory of 4664	4516	msedge.exe	99
PID 4516 wrote to memory of 4664	4516	msedge.exe	99
PID 4516 wrote to memory of 4664	4516	msedge.exe	99
PID 4516 wrote to memory of 4664	4516	msedge.exe	99
PID 4516 wrote to memory of 4664	4516	msedge.exe	99
PID 4516 wrote to memory of 4664	4516	msedge.exe	99
PID 4516 wrote to memory of 4664	4516	msedge.exe	99
PID 4516 wrote to memory of 4664	4516	msedge.exe	99
PID 4516 wrote to memory of 4664	4516	msedge.exe	99
PID 4516 wrote to memory of 4664	4516	msedge.exe	99
PID 4516 wrote to memory of 4664	4516	msedge.exe	99
PID 4516 wrote to memory of 4664	4516	msedge.exe	99
PID 4516 wrote to memory of 4664	4516	msedge.exe	99
PID 4516 wrote to memory of 4664	4516	msedge.exe	99
PID 4516 wrote to memory of 4664	4516	msedge.exe	99
PID 4516 wrote to memory of 4664	4516	msedge.exe	99

C:\Users\Admin\AppData\Local\Temp\Swiftrix.exe
"C:\Users\Admin\AppData\Local\Temp\Swiftrix.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/o/oauth2/v2/auth?client_id=954791239771-kf5q41fusve7ug88t1o0f8e8pcnmo85a.apps.googleusercontent.com&redirect_uri=https%3A%2F%2Fgoogle.swiftrix.net%2Fgoogle-redirect&response_type=code&scope=https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fuserinfo.email%20https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fuserinfo.profile&state=72a4a511-4da7-4be1-bbc7-c1235f6e16fd&access_type=offline
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:4516
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xe0,0x108,0x7ffd637c46f8,0x7ffd637c4708,0x7ffd637c4718
    3⤵
    PID:3276
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2200,11395250549070729928,1914953790669720514,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2216 /prefetch:2
    3⤵
    PID:824
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2200,11395250549070729928,1914953790669720514,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2276 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:456
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2200,11395250549070729928,1914953790669720514,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2664 /prefetch:8
    3⤵
    PID:4664
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,11395250549070729928,1914953790669720514,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
    3⤵
    PID:2272
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,11395250549070729928,1914953790669720514,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1
    3⤵
    PID:3516

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x510 0x41c
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2364

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3112

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4956

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffd67a0cc40,0x7ffd67a0cc4c,0x7ffd67a0cc58
  2⤵
  PID:1732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2068,i,1051618678712451953,14244536570151310142,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2064 /prefetch:2
  2⤵
  PID:4940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1820,i,1051618678712451953,14244536570151310142,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2432 /prefetch:3
  2⤵
  PID:3540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2136,i,1051618678712451953,14244536570151310142,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1976 /prefetch:8
  2⤵
  PID:1568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3164,i,1051618678712451953,14244536570151310142,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3184 /prefetch:1
  2⤵
  PID:5052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3192,i,1051618678712451953,14244536570151310142,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3348 /prefetch:1
  2⤵
  PID:2968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4200,i,1051618678712451953,14244536570151310142,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4532 /prefetch:1
  2⤵
  PID:1904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4880,i,1051618678712451953,14244536570151310142,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4952 /prefetch:8
  2⤵
  PID:4376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5140,i,1051618678712451953,14244536570151310142,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5156 /prefetch:8
  2⤵
  PID:2144
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4168,i,1051618678712451953,14244536570151310142,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4968 /prefetch:1
  2⤵
  PID:3932

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:4756

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4856

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
9e043f9659fe49e64e95ab936af03e65

SHA1
95e969e4aa732c0d30e681225bcb490a2c742390

SHA256
23ad48a688eebbd41eda3eeaf847a27346f65e31e817f2494f1721c42ab613f1

SHA512
f0a1fb854eb23972e0807d1dad8261b90bd7ddf93106b5391478340e2732e74b955b4e08b03c52a139e0d51a343b8f86b2a03b1aa19f7f2ca3f3e569fb911deb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
212KB

MD5
08ec57068db9971e917b9046f90d0e49

SHA1
28b80d73a861f88735d89e301fa98f2ae502e94b

SHA256
7a68efe41e5d8408eed6e9d91a7b7b965a3062e4e28eeffeefb8cdba6391f4d1

SHA512
b154142173145122bc49ddd7f9530149100f6f3c5fd2f2e7503b13f7b160147b8b876344f6faae5e8616208c51311633df4c578802ac5d34c005bb154e9057cf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\3780eb00-d0c6-4917-8ed1-ce9f9f1b66fe.tmp

Filesize
1KB

MD5
d53b064859aacf38a6eb017ff181d1b6

SHA1
1efa662e14eaedd7e099af2fe075904b6009f8a8

SHA256
0647ad631bf9ab1c6178a572525c1642df4709cec1e16046dece52b473b5e606

SHA512
e77a54a69b0d8ea4b897cb04b960ee037da6b43fabd8417c33d56372005bd1a3564f3a265f2910493cf969ad57d30de661994cf1bd6c74e13b12eb5120d855e6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
13ec4ff82ad9efca95b7b9e81506cf5b

SHA1
9e1b5557eac81c4c0ce315cacff73e27090bd7e0

SHA256
1ee3291173c417e75a0bcf993fa9999c10eb42e45d74093a05bc09e8680929ef

SHA512
e0bdca54fa11d4afd2075356125aeb87561a022515ee22297734b2c52415a147c57072a69766816088b81863152d5e74bb338235d38b7e0b8c19ec568275dd4a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
714e96a64a187ebad725d895fcd053bd

SHA1
032992c1de6879f1920b9ea28ca1141d2da53e3a

SHA256
b2581dac2d2c9ec2940d1c6fc625016b922318284c1147ac4796918116f9db08

SHA512
67f7caf62afa44781baded5ee8991ee79ceebff884bdb612b85453e48ca750c779cdb938f45a4115ca22f31d678c74c21d8d406f78528ee9aeb2ae62d14ca01a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b4f931f57dfb7754e17d670feaecb239

SHA1
6139d3bab3daa20d4b3fc8ec8592ce31a99e6bb4

SHA256
b838adf30d0cd34d7e411cf6b438387b48e526253237e052b1140f0de1db99c4

SHA512
6714baa4efb47174a929d8015a8c07fa418996c9f63ed0b71f9c87939b4460c0113a933afb595807122109e683b44b76fd09272615fd67b8416ad37b948b6c09

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
9ac1daf3be5c81f05b3280e041d244ef

SHA1
706423b4378feb9dd65b523ec29017c3308a8249

SHA256
cf9ab3f17aac0aee00c2c375f9c38406d3b34d41dc80278011343b087312b617

SHA512
c4a9ee66878a35aa2adcbd59e01c19701dcd065d389e573173c43b72fbb9dc6f074d7447b3fa32add14b69dc67ffe4b426e904136b4914aed33bcb423120fe52

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
20be8af1fa7d2330ad3ee010a3d90ded

SHA1
abfcdd8a54f70728aa9e3a013aa068bfb4f3003e

SHA256
81324f0ab1c4fb58b8d7734991d010ecbbd138488363f824c2c2d1ea818f6919

SHA512
aeb0442657bf9ca5e37fd330fe92fe183b968b136de9e22aa2bc4ce1828717a0033f1149770f5616583137bbc63b2d0f7ed360ed29b873ba931f4ab81fd7d532

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\c01a95fa-3121-4025-a5e1-384adc82129e.tmp

Filesize
9KB

MD5
37aac95af0828d100b82d29ff677e40e

SHA1
e04b1af71c8579187d14dda9c6d75ebd045b9fa0

SHA256
13c36e4d5925e2cf40ce99291a959d1ff740e2b28e732783be43400ea6caf182

SHA512
dd1199d4d8c8c5ba2f11e01a8ec5c34173f47439dc85f371d4feeaae221bea20d6f17a89c1612e97939a397d8f85daab8fcf1c7276ff6bfeb030889457b84f95

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
205KB

MD5
bae66006053f80cb115b826765c20948

SHA1
44d11779a9b9f56e297d07e486b102e7f0ecd536

SHA256
b82722cca2ac73848aea1cd8695a4abc61788b07528a5737f150bf73fa15631e

SHA512
fd6ec60a62b68bd1f596ddecfc34a2e7462a8490b60b2b52ce66f443eb120ece2e635fda4fa88e9939ea4eb199baa0cc2b48b522134b0cb0cc48ac0ae8739389

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
205KB

MD5
994dd3b96432be2131cafdd4d85144ee

SHA1
ce07bdc0a6340b8157ba50bcd8b1f3545c4a486f

SHA256
e6ed1b6a871c76967d2b2f611d48ca6fa33ff4129667d00dfc3b84fb9e3cfdfe

SHA512
908e62505695751f22de2298610cf005391e0747858c0f4715d967c4c254b161b9ad0a4115b81132038196ae18b527001159b834de0e0aae2b9189bc03c7c7e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2dc1a9f2f3f8c3cfe51bb29b078166c5

SHA1
eaf3c3dad3c8dc6f18dc3e055b415da78b704402

SHA256
dcb76fa365c2d9ee213b224a91cdd806d30b1e8652d72a22f2371124fa4479fa

SHA512
682061d9cc86a6e5d99d022da776fb554350fc95efbf29cd84c1db4e2b7161b76cd1de48335bcc3a25633079fb0bd412e4f4795ed6291c65e9bc28d95330bb25

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e4f80e7950cbd3bb11257d2000cb885e

SHA1
10ac643904d539042d8f7aa4a312b13ec2106035

SHA256
1184ee8d32d0edecddd93403fb888fad6b3e2a710d37335c3989cc529bc08124

SHA512
2b92c9807fdcd937e514d4e7e1cc7c2d3e3aa162099b7289ceac2feea72d1a4afbadf1c09b3075d470efadf9a9edd63e07ea7e7a98d22243e45b3d53473fa4f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
adbd91c413e3041ec586f0791d0be474

SHA1
3278c7fda90cbb212057743e8b73d1d86044cd59

SHA256
a5abb009da3972f741e2f3898d2f22bd20c63ab0a06fa6d63490695149aac63e

SHA512
25b6bb3be7fbcf3b7d764beb3eff7c7c271fb132844fbb286b3188a6c8083a1a1810a14348978ac7fec3b2402413a9736c20db905c788ba5b241267f21734540

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
820B

MD5
efd2bfb4e9f669fb2bf5b3c3bed1b2c8

SHA1
721c863ab69cca35f478551488b55fb83c152a41

SHA256
8c67e9e43fb00583280fc356a219719a57a401a37b3e8ed3d80549ceefdfa332

SHA512
52a36bfc921932493cea52dd12526abf9ab1a05f1fd46163b9929a761a371c5e4cc8811aedadf791d2b22cc844df005648bb9d285a3024f70e66db7fce68793b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
412f6671a42ea7768019ae892b85bba7

SHA1
52e467fdea6416be25767f60ff1a7b781e1bc903

SHA256
dea66a8517ed6702111ec95474484d1320648ea7dcbb51941dccf48153cda7db

SHA512
2996ba88ea6c487ba0c5644b9c43077dab2ed718760b1437d4bdd5e5185a45a7ad7ae6f44dcab9c0c2cb2032b3e8715fdd30469ff4bfa260b88d792f60e3f711

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
04979fb688e7298f7cff3dccc99904a5

SHA1
e8cde225444141e748b086af16e3c7eaef6e4b42

SHA256
d9826cf442f1be950e51666230ad1f9d1fb7ce3cdf14e0bda5b46c7187c76fab

SHA512
1957f13bd6c1c7d5caa21b6566fe7aa8fd0d37dd900186e7c3d60a68bda903a80ce2cd32ffc12b9fb39a046e99eb43787b56c0a0da94dbf9024834a38d4ba299

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
3bc521dd275831f8c520ff2cb3763244

SHA1
79201bb28d1bf13824374538162a9a54d69f74fb

SHA256
2bffcd44d7d18ab62be1725543216e8d974c2f030aa17e60af7b83dca883578a

SHA512
13551e0030455fa7ede032b795502263ea4a5f43ed4e1b2efa96d2bd1305e6029fdb8739bda2d68c9882d3fea7a93f596952dae32b6777b55f0df5f1e2439207

Download Submit
C:\WINDOWS\FONTS\MONTSERRAT-BOLD.TTF

Filesize
28KB

MD5
d3085f686df272f9e1a267cc69b2d24f

SHA1
bf257f6f91f6522eccea6d4f28d57bb118c98729

SHA256
9cb7dc18ee6175ab86bea008eb7aff1992ea7b06933964d5e2e864090206c20a

SHA512
412f1ad46fecdce40a1b379c4afa1026005fb65e7620641439af7c60746c6b77b5ecfc640feaf7f01a37dd9bc81c06f78b3779ff2d9ea53276cd7c963ac92626

Download Submit
C:\WINDOWS\FONTS\MONTSERRAT-REGULAR.TTF

Filesize
28KB

MD5
07689d4eaaa3d530d58826b5d7f84735

SHA1
9ca420aa453eb243037970c0c1c1adfe289f510f

SHA256
32f9bdc73ecf308a19c0e918b407e12da12b6cd9a667decdc2ddcb74f457839a

SHA512
177b33e55940d749d2c4c9d96b1ac60c39425b985783cb785edad4b46da6aa1d70d3013621f5b955e16ecef8a5cf5ac238302c3762c47ef6e51172c9e511f779

Download Submit
memory/3892-14-0x00007FFD692A0000-0x00007FFD69D61000-memory.dmp

Filesize
10.8MB

Download
memory/3892-139-0x00007FFD692A0000-0x00007FFD69D61000-memory.dmp

Filesize
10.8MB

Download
memory/3892-50-0x00007FFD692A0000-0x00007FFD69D61000-memory.dmp

Filesize
10.8MB

Download
memory/3892-41-0x00007FFD692A0000-0x00007FFD69D61000-memory.dmp

Filesize
10.8MB

Download
memory/3892-0-0x00007FFD692A3000-0x00007FFD692A5000-memory.dmp

Filesize
8KB

Download
memory/3892-13-0x00007FFD692A3000-0x00007FFD692A5000-memory.dmp

Filesize
8KB

Download
memory/3892-12-0x00007FFD692A0000-0x00007FFD69D61000-memory.dmp

Filesize
10.8MB

Download
memory/3892-11-0x00007FFD692A0000-0x00007FFD69D61000-memory.dmp

Filesize
10.8MB

Download
memory/3892-10-0x00007FFD692A0000-0x00007FFD69D61000-memory.dmp

Filesize
10.8MB

Download
memory/3892-3-0x00007FFD692A0000-0x00007FFD69D61000-memory.dmp

Filesize
10.8MB

Download
memory/3892-2-0x000002BBA7890000-0x000002BBA7FF8000-memory.dmp

Filesize
7.4MB

Download
memory/3892-1-0x000002BB8C960000-0x000002BB8D284000-memory.dmp

Filesize
9.1MB

Download