74faf334cb0bdd3e9dfab8c323d4eb3b9b089bcaadc7dbd639d9aa93a4f6f829

Resubmissions

14-08-2024 12:46

240814-pzt4baxerj 10

14-08-2024 12:46

240814-pzp5csxeqn 10

07-06-2024 13:20

240607-qld1lsgf8w 10

Analysis

max time kernel
1049s
max time network
1026s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
07-06-2024 13:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

x360ce.exe
Size

14.7MB
MD5

be80f3348b240bcee1aa96d33fe0e768
SHA1

40ea5de9a7a15f6e0d891cd1ba4bca8519bb85ed
SHA256

74faf334cb0bdd3e9dfab8c323d4eb3b9b089bcaadc7dbd639d9aa93a4f6f829
SHA512

dfb3b191152981f21180e93597c7b1891da6f10b811db2c8db9f45bbecc9feb54bc032bdd648c7ad1134e9b09e5e2b9705d5e21294e1ae328a4390350745536a
SSDEEP

196608:n+/7/fO/vBSVnf+viDyJBwhsCArf+viDyJBQhsCAaIF/f+viDyJBaF9hsCA6EJ0k:nX/vu0Bwhs8vu0BQhsvFOvu0BaF9hsR

Score

4^/10

discovery

Malware Config

Signatures

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Windows directory 6 IoCs

Processes:

x360ce.exe

description	ioc	Process
File created	C:\Windows\INF\c_volume.PNF	x360ce.exe
File created	C:\Windows\INF\c_monitor.PNF	x360ce.exe
File created	C:\Windows\INF\c_diskdrive.PNF	x360ce.exe
File created	C:\Windows\INF\c_media.PNF	x360ce.exe
File created	C:\Windows\INF\c_display.PNF	x360ce.exe
File created	C:\Windows\INF\c_processor.PNF	x360ce.exe

Loads dropped DLL 1 IoCs

Processes:

x360ce.exe

pid	Process
1816	x360ce.exe

Checks SCSI registry key(s) 3 TTPs 28 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

x360ce.exe

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\DeviceDesc	x360ce.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\DeviceDesc	x360ce.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A\	x360ce.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName	x360ce.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID	x360ce.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName	x360ce.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001	x360ce.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Mfg	x360ce.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\DeviceDesc	x360ce.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	x360ce.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A\	x360ce.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\DeviceDesc	x360ce.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Mfg	x360ce.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\HardwareID	x360ce.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom	x360ce.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002	x360ce.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\ConfigFlags	x360ce.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	x360ce.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID	x360ce.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\FriendlyName	x360ce.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom	x360ce.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	x360ce.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Mfg	x360ce.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A	x360ce.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A	x360ce.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Mfg	x360ce.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_DADY&PROD_DADY_DVD-ROM\4&215468A5&0&010000	x360ce.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	x360ce.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133622402348654026"	chrome.exe

Suspicious behavior: EnumeratesProcesses 42 IoCs

Processes:

x360ce.exechrome.exechrome.exe

pid	Process
1816	x360ce.exe
1816	x360ce.exe
1816	x360ce.exe
1816	x360ce.exe
1816	x360ce.exe
1816	x360ce.exe
1816	x360ce.exe
1816	x360ce.exe
1816	x360ce.exe
1816	x360ce.exe
1816	x360ce.exe
1816	x360ce.exe
1816	x360ce.exe
1816	x360ce.exe
1816	x360ce.exe
1816	x360ce.exe
1816	x360ce.exe
1816	x360ce.exe
1816	x360ce.exe
1816	x360ce.exe
1816	x360ce.exe
1816	x360ce.exe
1816	x360ce.exe
1816	x360ce.exe
1816	x360ce.exe
1816	x360ce.exe
1816	x360ce.exe
1816	x360ce.exe
1816	x360ce.exe
1816	x360ce.exe
1816	x360ce.exe
1816	x360ce.exe
1816	x360ce.exe
1816	x360ce.exe
1816	x360ce.exe
1816	x360ce.exe
1816	x360ce.exe
1816	x360ce.exe
2348	chrome.exe
2348	chrome.exe
5360	chrome.exe
5360	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

Processes:

chrome.exe

pid	Process
2348	chrome.exe
2348	chrome.exe
2348	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

x360ce.exechrome.exe

description	pid	Process
Token: SeDebugPrivilege	1816	x360ce.exe
Token: SeShutdownPrivilege	2348	chrome.exe
Token: SeCreatePagefilePrivilege	2348	chrome.exe
Token: SeShutdownPrivilege	2348	chrome.exe
Token: SeCreatePagefilePrivilege	2348	chrome.exe
Token: SeShutdownPrivilege	2348	chrome.exe
Token: SeCreatePagefilePrivilege	2348	chrome.exe
Token: SeShutdownPrivilege	2348	chrome.exe
Token: SeCreatePagefilePrivilege	2348	chrome.exe
Token: SeShutdownPrivilege	2348	chrome.exe
Token: SeCreatePagefilePrivilege	2348	chrome.exe
Token: SeShutdownPrivilege	2348	chrome.exe
Token: SeCreatePagefilePrivilege	2348	chrome.exe
Token: SeShutdownPrivilege	2348	chrome.exe
Token: SeCreatePagefilePrivilege	2348	chrome.exe
Token: SeShutdownPrivilege	2348	chrome.exe
Token: SeCreatePagefilePrivilege	2348	chrome.exe
Token: SeShutdownPrivilege	2348	chrome.exe
Token: SeCreatePagefilePrivilege	2348	chrome.exe
Token: SeShutdownPrivilege	2348	chrome.exe
Token: SeCreatePagefilePrivilege	2348	chrome.exe
Token: SeShutdownPrivilege	2348	chrome.exe
Token: SeCreatePagefilePrivilege	2348	chrome.exe
Token: SeShutdownPrivilege	2348	chrome.exe
Token: SeCreatePagefilePrivilege	2348	chrome.exe
Token: SeShutdownPrivilege	2348	chrome.exe
Token: SeCreatePagefilePrivilege	2348	chrome.exe
Token: SeShutdownPrivilege	2348	chrome.exe
Token: SeCreatePagefilePrivilege	2348	chrome.exe
Token: SeShutdownPrivilege	2348	chrome.exe
Token: SeCreatePagefilePrivilege	2348	chrome.exe
Token: SeShutdownPrivilege	2348	chrome.exe
Token: SeCreatePagefilePrivilege	2348	chrome.exe
Token: SeShutdownPrivilege	2348	chrome.exe
Token: SeCreatePagefilePrivilege	2348	chrome.exe
Token: SeShutdownPrivilege	2348	chrome.exe
Token: SeCreatePagefilePrivilege	2348	chrome.exe
Token: SeShutdownPrivilege	2348	chrome.exe
Token: SeCreatePagefilePrivilege	2348	chrome.exe
Token: SeShutdownPrivilege	2348	chrome.exe
Token: SeCreatePagefilePrivilege	2348	chrome.exe
Token: SeShutdownPrivilege	2348	chrome.exe
Token: SeCreatePagefilePrivilege	2348	chrome.exe
Token: SeShutdownPrivilege	2348	chrome.exe
Token: SeCreatePagefilePrivilege	2348	chrome.exe
Token: SeShutdownPrivilege	2348	chrome.exe
Token: SeCreatePagefilePrivilege	2348	chrome.exe
Token: SeShutdownPrivilege	2348	chrome.exe
Token: SeCreatePagefilePrivilege	2348	chrome.exe
Token: SeShutdownPrivilege	2348	chrome.exe
Token: SeCreatePagefilePrivilege	2348	chrome.exe
Token: SeShutdownPrivilege	2348	chrome.exe
Token: SeCreatePagefilePrivilege	2348	chrome.exe
Token: SeShutdownPrivilege	2348	chrome.exe
Token: SeCreatePagefilePrivilege	2348	chrome.exe
Token: SeShutdownPrivilege	2348	chrome.exe
Token: SeCreatePagefilePrivilege	2348	chrome.exe
Token: SeShutdownPrivilege	2348	chrome.exe
Token: SeCreatePagefilePrivilege	2348	chrome.exe
Token: SeShutdownPrivilege	2348	chrome.exe
Token: SeCreatePagefilePrivilege	2348	chrome.exe
Token: SeShutdownPrivilege	2348	chrome.exe
Token: SeCreatePagefilePrivilege	2348	chrome.exe
Token: SeShutdownPrivilege	2348	chrome.exe

Suspicious use of FindShellTrayWindow 29 IoCs

Processes:

x360ce.exechrome.exe

pid	Process
1816	x360ce.exe
1816	x360ce.exe
1816	x360ce.exe
2348	chrome.exe
2348	chrome.exe
2348	chrome.exe
2348	chrome.exe
2348	chrome.exe
2348	chrome.exe
2348	chrome.exe
2348	chrome.exe
2348	chrome.exe
2348	chrome.exe
2348	chrome.exe
2348	chrome.exe
2348	chrome.exe
2348	chrome.exe
2348	chrome.exe
2348	chrome.exe
2348	chrome.exe
2348	chrome.exe
2348	chrome.exe
2348	chrome.exe
2348	chrome.exe
2348	chrome.exe
2348	chrome.exe
2348	chrome.exe
2348	chrome.exe
2348	chrome.exe

Suspicious use of SendNotifyMessage 26 IoCs

Processes:

x360ce.exechrome.exe

pid	Process
1816	x360ce.exe
1816	x360ce.exe
2348	chrome.exe
2348	chrome.exe
2348	chrome.exe
2348	chrome.exe
2348	chrome.exe
2348	chrome.exe
2348	chrome.exe
2348	chrome.exe
2348	chrome.exe
2348	chrome.exe
2348	chrome.exe
2348	chrome.exe
2348	chrome.exe
2348	chrome.exe
2348	chrome.exe
2348	chrome.exe
2348	chrome.exe
2348	chrome.exe
2348	chrome.exe
2348	chrome.exe
2348	chrome.exe
2348	chrome.exe
2348	chrome.exe
2348	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

x360ce.exe

pid	Process
1816	x360ce.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	Process	procid_target
PID 2348 wrote to memory of 4456	2348	chrome.exe	109
PID 2348 wrote to memory of 4456	2348	chrome.exe	109
PID 2348 wrote to memory of 2092	2348	chrome.exe	111
PID 2348 wrote to memory of 2092	2348	chrome.exe	111
PID 2348 wrote to memory of 2092	2348	chrome.exe	111
PID 2348 wrote to memory of 2092	2348	chrome.exe	111
PID 2348 wrote to memory of 2092	2348	chrome.exe	111
PID 2348 wrote to memory of 2092	2348	chrome.exe	111
PID 2348 wrote to memory of 2092	2348	chrome.exe	111
PID 2348 wrote to memory of 2092	2348	chrome.exe	111
PID 2348 wrote to memory of 2092	2348	chrome.exe	111
PID 2348 wrote to memory of 2092	2348	chrome.exe	111
PID 2348 wrote to memory of 2092	2348	chrome.exe	111
PID 2348 wrote to memory of 2092	2348	chrome.exe	111
PID 2348 wrote to memory of 2092	2348	chrome.exe	111
PID 2348 wrote to memory of 2092	2348	chrome.exe	111
PID 2348 wrote to memory of 2092	2348	chrome.exe	111
PID 2348 wrote to memory of 2092	2348	chrome.exe	111
PID 2348 wrote to memory of 2092	2348	chrome.exe	111
PID 2348 wrote to memory of 2092	2348	chrome.exe	111
PID 2348 wrote to memory of 2092	2348	chrome.exe	111
PID 2348 wrote to memory of 2092	2348	chrome.exe	111
PID 2348 wrote to memory of 2092	2348	chrome.exe	111
PID 2348 wrote to memory of 2092	2348	chrome.exe	111
PID 2348 wrote to memory of 2092	2348	chrome.exe	111
PID 2348 wrote to memory of 2092	2348	chrome.exe	111
PID 2348 wrote to memory of 2092	2348	chrome.exe	111
PID 2348 wrote to memory of 2092	2348	chrome.exe	111
PID 2348 wrote to memory of 2092	2348	chrome.exe	111
PID 2348 wrote to memory of 2092	2348	chrome.exe	111
PID 2348 wrote to memory of 2092	2348	chrome.exe	111
PID 2348 wrote to memory of 2092	2348	chrome.exe	111
PID 2348 wrote to memory of 2092	2348	chrome.exe	111
PID 2348 wrote to memory of 2092	2348	chrome.exe	111
PID 2348 wrote to memory of 2092	2348	chrome.exe	111
PID 2348 wrote to memory of 2092	2348	chrome.exe	111
PID 2348 wrote to memory of 2092	2348	chrome.exe	111
PID 2348 wrote to memory of 2092	2348	chrome.exe	111
PID 2348 wrote to memory of 2092	2348	chrome.exe	111
PID 2348 wrote to memory of 2092	2348	chrome.exe	111
PID 2348 wrote to memory of 4192	2348	chrome.exe	112
PID 2348 wrote to memory of 4192	2348	chrome.exe	112
PID 2348 wrote to memory of 2804	2348	chrome.exe	113
PID 2348 wrote to memory of 2804	2348	chrome.exe	113
PID 2348 wrote to memory of 2804	2348	chrome.exe	113
PID 2348 wrote to memory of 2804	2348	chrome.exe	113
PID 2348 wrote to memory of 2804	2348	chrome.exe	113
PID 2348 wrote to memory of 2804	2348	chrome.exe	113
PID 2348 wrote to memory of 2804	2348	chrome.exe	113
PID 2348 wrote to memory of 2804	2348	chrome.exe	113
PID 2348 wrote to memory of 2804	2348	chrome.exe	113
PID 2348 wrote to memory of 2804	2348	chrome.exe	113
PID 2348 wrote to memory of 2804	2348	chrome.exe	113
PID 2348 wrote to memory of 2804	2348	chrome.exe	113
PID 2348 wrote to memory of 2804	2348	chrome.exe	113
PID 2348 wrote to memory of 2804	2348	chrome.exe	113
PID 2348 wrote to memory of 2804	2348	chrome.exe	113
PID 2348 wrote to memory of 2804	2348	chrome.exe	113
PID 2348 wrote to memory of 2804	2348	chrome.exe	113
PID 2348 wrote to memory of 2804	2348	chrome.exe	113
PID 2348 wrote to memory of 2804	2348	chrome.exe	113
PID 2348 wrote to memory of 2804	2348	chrome.exe	113
PID 2348 wrote to memory of 2804	2348	chrome.exe	113
PID 2348 wrote to memory of 2804	2348	chrome.exe	113

C:\Users\Admin\AppData\Local\Temp\x360ce.exe
"C:\Users\Admin\AppData\Local\Temp\x360ce.exe"
1⤵
- Drops file in Windows directory
- Loads dropped DLL
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:1816

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:968

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4172 --field-trial-handle=2236,i,5367110156796017614,12594004256180761011,262144 --variations-seed-version /prefetch:8
1⤵
PID:1524

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffbef0f9758,0x7ffbef0f9768,0x7ffbef0f9778
  2⤵
  PID:4456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1740 --field-trial-handle=1892,i,16485012597498471492,9596210554790679387,131072 /prefetch:2
  2⤵
  PID:2092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 --field-trial-handle=1892,i,16485012597498471492,9596210554790679387,131072 /prefetch:8
  2⤵
  PID:4192
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2212 --field-trial-handle=1892,i,16485012597498471492,9596210554790679387,131072 /prefetch:8
  2⤵
  PID:2804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3120 --field-trial-handle=1892,i,16485012597498471492,9596210554790679387,131072 /prefetch:1
  2⤵
  PID:4092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3152 --field-trial-handle=1892,i,16485012597498471492,9596210554790679387,131072 /prefetch:1
  2⤵
  PID:3548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4644 --field-trial-handle=1892,i,16485012597498471492,9596210554790679387,131072 /prefetch:1
  2⤵
  PID:5224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4804 --field-trial-handle=1892,i,16485012597498471492,9596210554790679387,131072 /prefetch:8
  2⤵
  PID:5316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4824 --field-trial-handle=1892,i,16485012597498471492,9596210554790679387,131072 /prefetch:8
  2⤵
  PID:5324
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5124 --field-trial-handle=1892,i,16485012597498471492,9596210554790679387,131072 /prefetch:8
  2⤵
  PID:5560
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5176 --field-trial-handle=1892,i,16485012597498471492,9596210554790679387,131072 /prefetch:8
  2⤵
  PID:5652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2188 --field-trial-handle=1892,i,16485012597498471492,9596210554790679387,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5360

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1592

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4152 --field-trial-handle=2236,i,5367110156796017614,12594004256180761011,262144 --variations-seed-version /prefetch:8
1⤵
PID:840

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\X360CE\Temp\ViGEmClient.dll.84A31178\ViGEmClient.dll

Filesize
29KB

MD5
a8781afcba77ccb180939fdbd5767168

SHA1
3cb4fe39072f12309910dbe91ce44d16163d64d5

SHA256
02b50cbe797600959f43148991924d93407f04776e879bce7b979f30dd536ba9

SHA512
8184e22bb4adfcb40d0e0108d2b97c834cba8ab1e60fee5fd23332348298a0b971bd1d15991d8d02a1bc1cc504b2d34729ed1b8fea2c6adb57e36c33ac9559e9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\77045eed-a329-43de-a1fe-6e13a8739b5c.tmp

Filesize
365B

MD5
2c357a842e4dd450155b4d45c1617589

SHA1
a692e6d9c0e461e946c9bef386285578c36eb335

SHA256
cc6b87d6ea4f8216a3e8dca5dc115e48f9c53a76a0cb8a03d0b26d0388b0812b

SHA512
fbf60fc784f6505ffa01142a54f2dfd10a3b98a60b3dc14a0a4f16f90c35eff21fad95e60109fa5687182cfa06baec5fa04c4664c682acbd75296947b3572f9f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
09c398c963d23bc3afdd05b2a0d9972c

SHA1
c2de338951152d83779a645656e5ad5a825bba69

SHA256
0dd8eeee49b72b5e4a0657562e6f1c4889bc0ee5ae6929f35815f2d363e87dc7

SHA512
cd12e058faf6c7c5cc764a9b8f178a9221281950ac44ea229c435f078ea55eefbb62b5108279d6562f0f703313ac4337cc71914c624672aafb5b6908a2cb3dac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
b3daa70cf0f7dbcf30cbdfb8c3300a21

SHA1
deed90c86c6d362d4e7fb865c3d3c9589348ea95

SHA256
77e0eeef078f340ffc671f4e3ea6c79081007169d21ce4d1b0f2ce8c981b3ffd

SHA512
308c19ca10de21d3adc0d4f10362a93bc099f73f7f2f648c2bc1da7a824c109d4255c7289f8f1cfc010295c8303b32b26edce530e7aa0bb936fe2036cf1552da

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
673407015b671bd7834cf5fd22a354c7

SHA1
bfe5bfe2bfc546606f61071384db9d4439b54080

SHA256
8e276302306cdd2369974d3e4d4ebb4a47d9a50f0cc30afc66fc298e32c0fe68

SHA512
7596c63a2817114c2e15f61be3aa4c603c080152758ebff16385b0a34e3d1f33a7e102baf2d6e8892b37f50a5acdc991720d7976bdbe0bb85f3c0af490e56422

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
37d52df86834d9f70da0ce4cdcdf6277

SHA1
d9249edab62852b5de242c67b0b5a545e7071e52

SHA256
7a9170cdfef41153c2c7c27d1e8346da1ce7b11f1842b3fc929268788a6bdc40

SHA512
86c66e51d9713f5fa8f7b5555c29068c493d0fa914a887c63170bfb8aecf87e85982fd72c1c5de475058ff3112f1dc7a499930facbb3266e7ab1598edfc3a62f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
273KB

MD5
f9ba208037e44aa873b60d572127b6a7

SHA1
8f07502468b491ab7ec22c25b83f6c1339099746

SHA256
da7930e6c5ad865eeeadb08fd53814448aa558bb31c0d53491f9f4f53429cbcb

SHA512
ef6fd6e6c52f0d9d86e71d9525aaf3a09105fb3a5e7423697d3760cbc3d6681eb7a02a2b55026aeee8634bf4924e645ebcfb30bebc5234dedb348276b29f50cb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
\??\pipe\crashpad_2348_PBJIRCXFDONPUCIX

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/1816-27-0x000002184E8C0000-0x000002184E8C8000-memory.dmp

Filesize
32KB

Download
memory/1816-58-0x00007FFBEE9A0000-0x00007FFBEF461000-memory.dmp

Filesize
10.8MB

Download
memory/1816-24-0x000002184E7D0000-0x000002184E81A000-memory.dmp

Filesize
296KB

Download
memory/1816-25-0x000002184E850000-0x000002184E872000-memory.dmp

Filesize
136KB

Download
memory/1816-26-0x00007FFBEE9A0000-0x00007FFBEF461000-memory.dmp

Filesize
10.8MB

Download
memory/1816-0-0x00007FFBEE9A3000-0x00007FFBEE9A5000-memory.dmp

Filesize
8KB

Download
memory/1816-28-0x00007FFBEE9A0000-0x00007FFBEF461000-memory.dmp

Filesize
10.8MB

Download
memory/1816-22-0x0000021850490000-0x00000218504AC000-memory.dmp

Filesize
112KB

Download
memory/1816-42-0x00007FFBEE9A3000-0x00007FFBEE9A5000-memory.dmp

Filesize
8KB

Download
memory/1816-43-0x00007FFBEE9A0000-0x00007FFBEF461000-memory.dmp

Filesize
10.8MB

Download
memory/1816-44-0x00007FFBEE9A0000-0x00007FFBEF461000-memory.dmp

Filesize
10.8MB

Download
memory/1816-23-0x0000021850450000-0x000002185047C000-memory.dmp

Filesize
176KB

Download
memory/1816-59-0x00007FFBEE9A0000-0x00007FFBEF461000-memory.dmp

Filesize
10.8MB

Download
memory/1816-12-0x00007FFBEE9A0000-0x00007FFBEF461000-memory.dmp

Filesize
10.8MB

Download
memory/1816-9-0x0000021850650000-0x0000021850670000-memory.dmp

Filesize
128KB

Download
memory/1816-8-0x00007FFBEE9A0000-0x00007FFBEF461000-memory.dmp

Filesize
10.8MB

Download
memory/1816-6-0x000002184EC40000-0x000002184EC8A000-memory.dmp

Filesize
296KB

Download
memory/1816-4-0x000002184DDF0000-0x000002184E1CA000-memory.dmp

Filesize
3.9MB

Download
memory/1816-3-0x00007FFBEE9A0000-0x00007FFBEF461000-memory.dmp

Filesize
10.8MB

Download
memory/1816-2-0x000002184D740000-0x000002184D8D2000-memory.dmp

Filesize
1.6MB

Download
memory/1816-1-0x00000218322C0000-0x0000021833182000-memory.dmp

Filesize
14.8MB

Download