908babf5e35f2c31922744e1bf78990f9c1edbc5f7c1ce950812e920e60da1e9

Analysis

max time kernel
133s
max time network
135s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
13-07-2024 12:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

x360ce.exe
Size

14.7MB
MD5

be80f3348b240bcee1aa96d33fe0e768
SHA1

40ea5de9a7a15f6e0d891cd1ba4bca8519bb85ed
SHA256

74faf334cb0bdd3e9dfab8c323d4eb3b9b089bcaadc7dbd639d9aa93a4f6f829
SHA512

dfb3b191152981f21180e93597c7b1891da6f10b811db2c8db9f45bbecc9feb54bc032bdd648c7ad1134e9b09e5e2b9705d5e21294e1ae328a4390350745536a
SSDEEP

196608:n+/7/fO/vBSVnf+viDyJBwhsCArf+viDyJBQhsCAaIF/f+viDyJBaF9hsCA6EJ0k:nX/vu0Bwhs8vu0BQhsvFOvu0BaF9hsR

Score

4^/10

discovery

Malware Config

Signatures

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Windows directory 4 IoCs

Processes:

x360ce.exe

description	ioc	Process
File created	C:\Windows\INF\c_volume.PNF	x360ce.exe
File created	C:\Windows\INF\c_monitor.PNF	x360ce.exe
File created	C:\Windows\INF\c_diskdrive.PNF	x360ce.exe
File created	C:\Windows\INF\c_processor.PNF	x360ce.exe

Loads dropped DLL 1 IoCs

Processes:

x360ce.exe

pid	Process
4012	x360ce.exe

Checks SCSI registry key(s) 3 TTPs 28 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

x360ce.exe

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A	x360ce.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName	x360ce.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID	x360ce.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	x360ce.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\DeviceDesc	x360ce.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	x360ce.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	x360ce.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A	x360ce.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\FriendlyName	x360ce.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Mfg	x360ce.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A\	x360ce.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Mfg	x360ce.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002	x360ce.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_QEMU&PROD_HARDDISK\4&215468A5&0&000000	x360ce.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID	x360ce.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName	x360ce.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A\	x360ce.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Mfg	x360ce.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001	x360ce.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom	x360ce.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\DeviceDesc	x360ce.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\DeviceDesc	x360ce.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	x360ce.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\DeviceDesc	x360ce.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Mfg	x360ce.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	x360ce.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom	x360ce.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	x360ce.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133653484335137087"	chrome.exe

Suspicious behavior: EnumeratesProcesses 9 IoCs

Processes:

x360ce.exechrome.exe

pid	Process
4012	x360ce.exe
4012	x360ce.exe
4012	x360ce.exe
4012	x360ce.exe
4012	x360ce.exe
4012	x360ce.exe
4012	x360ce.exe
3848	chrome.exe
3848	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

Processes:

chrome.exe

pid	Process
3848	chrome.exe
3848	chrome.exe
3848	chrome.exe
3848	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

x360ce.exechrome.exe

description	pid	Process
Token: SeDebugPrivilege	4012	x360ce.exe
Token: SeShutdownPrivilege	3848	chrome.exe
Token: SeCreatePagefilePrivilege	3848	chrome.exe
Token: SeShutdownPrivilege	3848	chrome.exe
Token: SeCreatePagefilePrivilege	3848	chrome.exe
Token: SeShutdownPrivilege	3848	chrome.exe
Token: SeCreatePagefilePrivilege	3848	chrome.exe
Token: SeShutdownPrivilege	3848	chrome.exe
Token: SeCreatePagefilePrivilege	3848	chrome.exe
Token: SeShutdownPrivilege	3848	chrome.exe
Token: SeCreatePagefilePrivilege	3848	chrome.exe
Token: SeShutdownPrivilege	3848	chrome.exe
Token: SeCreatePagefilePrivilege	3848	chrome.exe
Token: SeShutdownPrivilege	3848	chrome.exe
Token: SeCreatePagefilePrivilege	3848	chrome.exe
Token: SeShutdownPrivilege	3848	chrome.exe
Token: SeCreatePagefilePrivilege	3848	chrome.exe
Token: SeShutdownPrivilege	3848	chrome.exe
Token: SeCreatePagefilePrivilege	3848	chrome.exe
Token: SeShutdownPrivilege	3848	chrome.exe
Token: SeCreatePagefilePrivilege	3848	chrome.exe
Token: SeShutdownPrivilege	3848	chrome.exe
Token: SeCreatePagefilePrivilege	3848	chrome.exe
Token: SeShutdownPrivilege	3848	chrome.exe
Token: SeCreatePagefilePrivilege	3848	chrome.exe
Token: SeShutdownPrivilege	3848	chrome.exe
Token: SeCreatePagefilePrivilege	3848	chrome.exe
Token: SeShutdownPrivilege	3848	chrome.exe
Token: SeCreatePagefilePrivilege	3848	chrome.exe
Token: SeShutdownPrivilege	3848	chrome.exe
Token: SeCreatePagefilePrivilege	3848	chrome.exe
Token: SeShutdownPrivilege	3848	chrome.exe
Token: SeCreatePagefilePrivilege	3848	chrome.exe
Token: SeShutdownPrivilege	3848	chrome.exe
Token: SeCreatePagefilePrivilege	3848	chrome.exe
Token: SeShutdownPrivilege	3848	chrome.exe
Token: SeCreatePagefilePrivilege	3848	chrome.exe
Token: SeShutdownPrivilege	3848	chrome.exe
Token: SeCreatePagefilePrivilege	3848	chrome.exe
Token: SeShutdownPrivilege	3848	chrome.exe
Token: SeCreatePagefilePrivilege	3848	chrome.exe
Token: SeShutdownPrivilege	3848	chrome.exe
Token: SeCreatePagefilePrivilege	3848	chrome.exe
Token: SeShutdownPrivilege	3848	chrome.exe
Token: SeCreatePagefilePrivilege	3848	chrome.exe
Token: SeShutdownPrivilege	3848	chrome.exe
Token: SeCreatePagefilePrivilege	3848	chrome.exe
Token: SeShutdownPrivilege	3848	chrome.exe
Token: SeCreatePagefilePrivilege	3848	chrome.exe
Token: SeShutdownPrivilege	3848	chrome.exe
Token: SeCreatePagefilePrivilege	3848	chrome.exe
Token: SeShutdownPrivilege	3848	chrome.exe
Token: SeCreatePagefilePrivilege	3848	chrome.exe
Token: SeShutdownPrivilege	3848	chrome.exe
Token: SeCreatePagefilePrivilege	3848	chrome.exe
Token: SeShutdownPrivilege	3848	chrome.exe
Token: SeCreatePagefilePrivilege	3848	chrome.exe
Token: SeShutdownPrivilege	3848	chrome.exe
Token: SeCreatePagefilePrivilege	3848	chrome.exe
Token: SeShutdownPrivilege	3848	chrome.exe
Token: SeCreatePagefilePrivilege	3848	chrome.exe
Token: SeShutdownPrivilege	3848	chrome.exe
Token: SeCreatePagefilePrivilege	3848	chrome.exe
Token: SeShutdownPrivilege	3848	chrome.exe

Suspicious use of FindShellTrayWindow 31 IoCs

Processes:

x360ce.exechrome.exe

pid	Process
4012	x360ce.exe
4012	x360ce.exe
4012	x360ce.exe
4012	x360ce.exe
3848	chrome.exe
3848	chrome.exe
3848	chrome.exe
3848	chrome.exe
3848	chrome.exe
3848	chrome.exe
3848	chrome.exe
3848	chrome.exe
3848	chrome.exe
3848	chrome.exe
3848	chrome.exe
3848	chrome.exe
3848	chrome.exe
3848	chrome.exe
3848	chrome.exe
3848	chrome.exe
3848	chrome.exe
3848	chrome.exe
3848	chrome.exe
3848	chrome.exe
3848	chrome.exe
3848	chrome.exe
3848	chrome.exe
3848	chrome.exe
3848	chrome.exe
3848	chrome.exe
3848	chrome.exe

Suspicious use of SendNotifyMessage 26 IoCs

Processes:

x360ce.exechrome.exe

pid	Process
4012	x360ce.exe
4012	x360ce.exe
3848	chrome.exe
3848	chrome.exe
3848	chrome.exe
3848	chrome.exe
3848	chrome.exe
3848	chrome.exe
3848	chrome.exe
3848	chrome.exe
3848	chrome.exe
3848	chrome.exe
3848	chrome.exe
3848	chrome.exe
3848	chrome.exe
3848	chrome.exe
3848	chrome.exe
3848	chrome.exe
3848	chrome.exe
3848	chrome.exe
3848	chrome.exe
3848	chrome.exe
3848	chrome.exe
3848	chrome.exe
3848	chrome.exe
3848	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

x360ce.exe

pid	Process
4012	x360ce.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	Process	procid_target
PID 3848 wrote to memory of 1640	3848	chrome.exe	76
PID 3848 wrote to memory of 1640	3848	chrome.exe	76
PID 3848 wrote to memory of 628	3848	chrome.exe	78
PID 3848 wrote to memory of 628	3848	chrome.exe	78
PID 3848 wrote to memory of 628	3848	chrome.exe	78
PID 3848 wrote to memory of 628	3848	chrome.exe	78
PID 3848 wrote to memory of 628	3848	chrome.exe	78
PID 3848 wrote to memory of 628	3848	chrome.exe	78
PID 3848 wrote to memory of 628	3848	chrome.exe	78
PID 3848 wrote to memory of 628	3848	chrome.exe	78
PID 3848 wrote to memory of 628	3848	chrome.exe	78
PID 3848 wrote to memory of 628	3848	chrome.exe	78
PID 3848 wrote to memory of 628	3848	chrome.exe	78
PID 3848 wrote to memory of 628	3848	chrome.exe	78
PID 3848 wrote to memory of 628	3848	chrome.exe	78
PID 3848 wrote to memory of 628	3848	chrome.exe	78
PID 3848 wrote to memory of 628	3848	chrome.exe	78
PID 3848 wrote to memory of 628	3848	chrome.exe	78
PID 3848 wrote to memory of 628	3848	chrome.exe	78
PID 3848 wrote to memory of 628	3848	chrome.exe	78
PID 3848 wrote to memory of 628	3848	chrome.exe	78
PID 3848 wrote to memory of 628	3848	chrome.exe	78
PID 3848 wrote to memory of 628	3848	chrome.exe	78
PID 3848 wrote to memory of 628	3848	chrome.exe	78
PID 3848 wrote to memory of 628	3848	chrome.exe	78
PID 3848 wrote to memory of 628	3848	chrome.exe	78
PID 3848 wrote to memory of 628	3848	chrome.exe	78
PID 3848 wrote to memory of 628	3848	chrome.exe	78
PID 3848 wrote to memory of 628	3848	chrome.exe	78
PID 3848 wrote to memory of 628	3848	chrome.exe	78
PID 3848 wrote to memory of 628	3848	chrome.exe	78
PID 3848 wrote to memory of 628	3848	chrome.exe	78
PID 3848 wrote to memory of 628	3848	chrome.exe	78
PID 3848 wrote to memory of 628	3848	chrome.exe	78
PID 3848 wrote to memory of 628	3848	chrome.exe	78
PID 3848 wrote to memory of 628	3848	chrome.exe	78
PID 3848 wrote to memory of 628	3848	chrome.exe	78
PID 3848 wrote to memory of 628	3848	chrome.exe	78
PID 3848 wrote to memory of 628	3848	chrome.exe	78
PID 3848 wrote to memory of 628	3848	chrome.exe	78
PID 3848 wrote to memory of 2328	3848	chrome.exe	79
PID 3848 wrote to memory of 2328	3848	chrome.exe	79
PID 3848 wrote to memory of 4732	3848	chrome.exe	80
PID 3848 wrote to memory of 4732	3848	chrome.exe	80
PID 3848 wrote to memory of 4732	3848	chrome.exe	80
PID 3848 wrote to memory of 4732	3848	chrome.exe	80
PID 3848 wrote to memory of 4732	3848	chrome.exe	80
PID 3848 wrote to memory of 4732	3848	chrome.exe	80
PID 3848 wrote to memory of 4732	3848	chrome.exe	80
PID 3848 wrote to memory of 4732	3848	chrome.exe	80
PID 3848 wrote to memory of 4732	3848	chrome.exe	80
PID 3848 wrote to memory of 4732	3848	chrome.exe	80
PID 3848 wrote to memory of 4732	3848	chrome.exe	80
PID 3848 wrote to memory of 4732	3848	chrome.exe	80
PID 3848 wrote to memory of 4732	3848	chrome.exe	80
PID 3848 wrote to memory of 4732	3848	chrome.exe	80
PID 3848 wrote to memory of 4732	3848	chrome.exe	80
PID 3848 wrote to memory of 4732	3848	chrome.exe	80
PID 3848 wrote to memory of 4732	3848	chrome.exe	80
PID 3848 wrote to memory of 4732	3848	chrome.exe	80
PID 3848 wrote to memory of 4732	3848	chrome.exe	80
PID 3848 wrote to memory of 4732	3848	chrome.exe	80
PID 3848 wrote to memory of 4732	3848	chrome.exe	80
PID 3848 wrote to memory of 4732	3848	chrome.exe	80

C:\Users\Admin\AppData\Local\Temp\x360ce.exe
"C:\Users\Admin\AppData\Local\Temp\x360ce.exe"
1⤵
- Drops file in Windows directory
- Loads dropped DLL
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:4012

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ff887b89758,0x7ff887b89768,0x7ff887b89778
  2⤵
  PID:1640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1532 --field-trial-handle=1844,i,3777338018595748635,14857968720183358280,131072 /prefetch:2
  2⤵
  PID:628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1800 --field-trial-handle=1844,i,3777338018595748635,14857968720183358280,131072 /prefetch:8
  2⤵
  PID:2328
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2072 --field-trial-handle=1844,i,3777338018595748635,14857968720183358280,131072 /prefetch:8
  2⤵
  PID:4732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2852 --field-trial-handle=1844,i,3777338018595748635,14857968720183358280,131072 /prefetch:1
  2⤵
  PID:4104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2864 --field-trial-handle=1844,i,3777338018595748635,14857968720183358280,131072 /prefetch:1
  2⤵
  PID:824
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4036 --field-trial-handle=1844,i,3777338018595748635,14857968720183358280,131072 /prefetch:1
  2⤵
  PID:392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4892 --field-trial-handle=1844,i,3777338018595748635,14857968720183358280,131072 /prefetch:8
  2⤵
  PID:4896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3932 --field-trial-handle=1844,i,3777338018595748635,14857968720183358280,131072 /prefetch:8
  2⤵
  PID:4500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4972 --field-trial-handle=1844,i,3777338018595748635,14857968720183358280,131072 /prefetch:8
  2⤵
  PID:4980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=3844 --field-trial-handle=1844,i,3777338018595748635,14857968720183358280,131072 /prefetch:1
  2⤵
  PID:3000

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2916

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
211KB

MD5
151fb811968eaf8efb840908b89dc9d4

SHA1
7ec811009fd9b0e6d92d12d78b002275f2f1bee1

SHA256
043fd8558e4a5a60aaccd2f0377f77a544e3e375242e9d7200dc6e51f94103ed

SHA512
83aface0ab01da52fd077f747c9d5916e3c06b0ea5c551d7d316707ec3e8f3f986ce1c82e6f2136e48c6511a83cb0ac67ff6dc8f0e440ac72fc6854086a87674

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
d5843773c275c001b8c1ad0bd6887aba

SHA1
2af85311b2adc445b2ca78de9fac304ce387e8b7

SHA256
afe967243cc83f66d492c5ffe2b33af8f94d3eab902952d5448f859bb3fd5611

SHA512
512d71c51695f3d68df2c6fd3e963297f61539c44ac21bba0f576c89a8d5ae72b6232f803b3388c216a30e5b361450a0400ff7627569508566cba801e0471b4d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
f4505158f9c0b3e0fdcfd30fbfed55c6

SHA1
0a415ba1eeaf979cf0f0290a843104b565fba7dc

SHA256
9cf519b6de57b6a5da8a80466cdd724031de15b5177a7e38228c236e1e096925

SHA512
df2e179b419502c234ce196946629631c62e83c3dd46ef422527932c70750208f89b9aa8e2458d8af14e1c66487429a28e02c419cc5e978899fef638b49bdf3f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
eff8945b8f49e94417409d5a397680de

SHA1
ccbf7d37dec1b4ba6196d3233113e75221e47b1f

SHA256
51c8c5a233680cab9462e8870959684732560d747837c23b3671cbdd47b84fa2

SHA512
5d92699e13b39f9d4c167f3b709181ddc5dfce2391d6f216c5bb932657aa25d893c9bf5b6d4b22e4d3e4bab5662e14442afcc8c329a3aa512d51ee67b8a27c93

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
ba015395d1c70579c627e3423fda5056

SHA1
19d7629f45f9a43b2085e5b4c9217743ba9baadc

SHA256
2d5883c3b1a9707128662a1159d05b2c3a805e240cb70000db06002440d02ec1

SHA512
839c0c65b2740afdd86ebccd291e8c41b47d433bde712509b5975f9bbed6b5a13da2eee7720ef3c4751d93bdea793965ef3d48d1bd79ea572a30e93765b54855

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
f3266f018cc19f0a365e6242402f80a6

SHA1
2b5dafb4127c6f98963b0a56610e4a83e4248124

SHA256
6c6d954bed53cd48562c1d9bc00cabffbd21e23e74756df22bebeca7b75d1e3d

SHA512
8cd9a45a431822f96d94e7d2a60862edcc9503b72102bfcd02714e3eb46cc848fd273c2175adb634c9ce3c8bde27e9d5857f841c4703766f858ddb7e2100cf31

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
5b9fde97e097e2bff4be804fca14653f

SHA1
d90729ec42d3ab90302a1ff80a09bf37072bc766

SHA256
cc4872d1ac991d1385ecf51e366d223e7cb46be9884b2a8e549fbeb5caf67670

SHA512
30993e54a4d575c90ba4f57a44acc36a46eed87742b6a382e1c0244975debe0f51f9db4ce96678fcb5108eeeb7d2335b2d1d7973da8787dccb5665e37078e068

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
0b484328e0d78cf88b64b703d9e5ee57

SHA1
983bf012f4e3683bb3bd82d513fcc3fdb9b86e49

SHA256
2e77831c209861c896ea7e8164d93f18f78ff29f509bf7650043d0ea842884fb

SHA512
545c86cca82a5e93179afbb63befb3964372feecea8c457b3014a24fa323c99f4638359a0cc31ad968d3fc8278d75ffb0a10c3ece89cdb1d071c377f23dd4300

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
efb1b98386899a4313fc7c2d6dcb3e3c

SHA1
87deffef76bae3d385417e3250fd9619a2b503bf

SHA256
bd37a59ad6c120e96bb8f225848165c6b2e2f05daef94b4d8a35b219565edc20

SHA512
28eb1019ea62f0bbfb6424225404e78ff9817c9cd74e8307214d04eadbabddb5d8afb0ac47f7739d3daedb5645e4b2d8ff3b57acfb1cfbac9996f38a063a3ebe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
9ce0aafaecf5bb9faad0c1ef044566d7

SHA1
ede69de6caf749a9e2a636b7fd97675033e96dd1

SHA256
7376b2827fe939b053005bf6f7e53a8845b23d94bf7f0780c5ec8eb914b2ee76

SHA512
4029d67e19bec759e691e128247789fac48acc6bafb5502367d7809292c1e83fa89ff6edbff21ae58a01a49ef3545d632d6e80d92983981e2c73118b01686fd2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
5470b20c28e4ea40aa7609aefe07fcbf

SHA1
ae4eb85fb8ee693cc75a3a38e7b0f8ac0da4e1d1

SHA256
798d550ffcacbc926fcdffd2d18590c29ddbb6ad5df8f7f8553e69b891ee4f74

SHA512
ae895697336b62bcdaadc223ef22f53124b9a1e792d83e75743d9b3f7b850dec158e337cdfabc72032077bb43605c7931f2d6b92b67d5418f6f67d7c469b7398

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
12KB

MD5
af959293357fc85a569fe101f1489aea

SHA1
05937e4e446a5a0b14fe327ecb7a4f5ec99d400e

SHA256
33e9fffc63ad24d71f925a1bdfce0ffcff0d7511bd33e3a27a04589c7ca600fa

SHA512
78584cb19a193d60eb420d305a81d79bd2ad7e8909ac4601ea313740857e4b2a4036822d115cfa33829e149d4a8b21165367d90a15e01aad55439b30607d0905

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
288KB

MD5
086d9b19242b105ab603cf80eb48e2f5

SHA1
c72f1bb8373204952aafc02c4a1d0b3cd07d794b

SHA256
c091dde65365b5b4b8bec1b93cf2e6e185ad89172962d1535a4d8dab6f1303ff

SHA512
9356704e8f5daee9235fb0162c785b05bf28b3b7fa2b0510a75eb5b40e681a8fb116eec86c65a3346b51707df3bef961f3b93a821375cbf608fab904bafa90c2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
288KB

MD5
963d783e7f9ee9d9cec216a86effb5b7

SHA1
f2e990f7cb3a43e49d7b15d50697a44e310d3e23

SHA256
d7cd459743c24673dba815cabe11631937608e01381dd350044c9f932f6f5e31

SHA512
7c2b065e8e61994328f300e704b0b0b6a15e415e92c2339e0b5d49fc2425e590131b5091649fb2a9e317e8362e61a5f428b404d007b718fc77949444ef2a48e4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
f0cf673ac8ba0c8d48fec3c00ebdb583

SHA1
b13ce04dd8a5a572036d0fb57f60a6e831bd0e1b

SHA256
905f4327931ebfa11e2fb9381c1d9c92f9f96433276c5faeae373f8ea99d284c

SHA512
80ac86362ce15d6db38dddd6ec5df88c90f986909cadeaea4ff6f949ec6d1c7e362ddebc5c156284f3e089ec1babb5f76073bac8d44f743f098b1e7b8c9c27bb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
\??\pipe\crashpad_3848_GVRAVABVNQWFSPSP

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
\ProgramData\X360CE\Temp\ViGEmClient.dll.84A31178\ViGEmClient.dll

Filesize
29KB

MD5
a8781afcba77ccb180939fdbd5767168

SHA1
3cb4fe39072f12309910dbe91ce44d16163d64d5

SHA256
02b50cbe797600959f43148991924d93407f04776e879bce7b979f30dd536ba9

SHA512
8184e22bb4adfcb40d0e0108d2b97c834cba8ab1e60fee5fd23332348298a0b971bd1d15991d8d02a1bc1cc504b2d34729ed1b8fea2c6adb57e36c33ac9559e9

Download Submit
memory/4012-22-0x0000020CEA070000-0x0000020CEA08C000-memory.dmp

Filesize
112KB

Download
memory/4012-24-0x0000020CEA0C0000-0x0000020CEA10A000-memory.dmp

Filesize
296KB

Download
memory/4012-57-0x00007FF878840000-0x00007FF87922C000-memory.dmp

Filesize
9.9MB

Download
memory/4012-55-0x0000020CE9F40000-0x0000020CEA050000-memory.dmp

Filesize
1.1MB

Download
memory/4012-41-0x00007FF878843000-0x00007FF878844000-memory.dmp

Filesize
4KB

Download
memory/4012-28-0x00007FF878840000-0x00007FF87922C000-memory.dmp

Filesize
9.9MB

Download
memory/4012-27-0x0000020CEA310000-0x0000020CEA318000-memory.dmp

Filesize
32KB

Download
memory/4012-26-0x00007FF878840000-0x00007FF87922C000-memory.dmp

Filesize
9.9MB

Download
memory/4012-25-0x0000020CEA140000-0x0000020CEA162000-memory.dmp

Filesize
136KB

Download
memory/4012-56-0x0000020CEA170000-0x0000020CEA2F9000-memory.dmp

Filesize
1.5MB

Download
memory/4012-23-0x0000020CEA090000-0x0000020CEA0BC000-memory.dmp

Filesize
176KB

Download
memory/4012-0-0x00007FF878843000-0x00007FF878844000-memory.dmp

Filesize
4KB

Download
memory/4012-12-0x00007FF878840000-0x00007FF87922C000-memory.dmp

Filesize
9.9MB

Download
memory/4012-9-0x0000020CE92A0000-0x0000020CE92C0000-memory.dmp

Filesize
128KB

Download
memory/4012-8-0x00007FF878840000-0x00007FF87922C000-memory.dmp

Filesize
9.9MB

Download
memory/4012-6-0x0000020CE79E0000-0x0000020CE7A2A000-memory.dmp

Filesize
296KB

Download
memory/4012-4-0x0000020CE6A20000-0x0000020CE6DFA000-memory.dmp

Filesize
3.9MB

Download
memory/4012-3-0x00007FF878840000-0x00007FF87922C000-memory.dmp

Filesize
9.9MB

Download
memory/4012-2-0x0000020CE6380000-0x0000020CE6512000-memory.dmp

Filesize
1.6MB

Download
memory/4012-1-0x0000020CCB000000-0x0000020CCBEC2000-memory.dmp

Filesize
14.8MB

Download