74faf334cb0bdd3e9dfab8c323d4eb3b9b089bcaadc7dbd639d9aa93a4f6f829

Analysis

max time kernel
907s
max time network
431s
platform
windows10-2004_x64
resource
win10v2004-20240730-en
resource tags

arch:x64arch:x86image:win10v2004-20240730-enlocale:en-usos:windows10-2004-x64system
submitted
31-07-2024 01:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

x360ce.exe
Size

14.7MB
MD5

be80f3348b240bcee1aa96d33fe0e768
SHA1

40ea5de9a7a15f6e0d891cd1ba4bca8519bb85ed
SHA256

74faf334cb0bdd3e9dfab8c323d4eb3b9b089bcaadc7dbd639d9aa93a4f6f829
SHA512

dfb3b191152981f21180e93597c7b1891da6f10b811db2c8db9f45bbecc9feb54bc032bdd648c7ad1134e9b09e5e2b9705d5e21294e1ae328a4390350745536a
SSDEEP

196608:n+/7/fO/vBSVnf+viDyJBwhsCArf+viDyJBQhsCAaIF/f+viDyJBaF9hsCA6EJ0k:nX/vu0Bwhs8vu0BQhsvFOvu0BaF9hsR

Score

4^/10

discovery

Malware Config

Signatures

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Windows directory 6 IoCs

Processes:

x360ce.exe

description	ioc	process
File created	C:\Windows\INF\c_diskdrive.PNF	x360ce.exe
File created	C:\Windows\INF\c_display.PNF	x360ce.exe
File created	C:\Windows\INF\c_processor.PNF	x360ce.exe
File created	C:\Windows\INF\c_monitor.PNF	x360ce.exe
File created	C:\Windows\INF\c_volume.PNF	x360ce.exe
File created	C:\Windows\INF\c_media.PNF	x360ce.exe

Loads dropped DLL 1 IoCs

Processes:

x360ce.exe

pid process

3596 x360ce.exe
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Checks SCSI registry key(s) 3 TTPs 28 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

x360ce.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A	x360ce.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\FriendlyName	x360ce.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	x360ce.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\DeviceDesc	x360ce.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\DeviceDesc	x360ce.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\DeviceDesc	x360ce.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName	x360ce.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A\	x360ce.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Mfg	x360ce.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID	x360ce.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A\	x360ce.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom	x360ce.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	x360ce.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Mfg	x360ce.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	x360ce.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002	x360ce.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID	x360ce.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	x360ce.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Mfg	x360ce.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\DeviceDesc	x360ce.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName	x360ce.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID	x360ce.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Mfg	x360ce.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001	x360ce.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom	x360ce.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	x360ce.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A	x360ce.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName	x360ce.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 1 IoCs

Processes:

chrome.exe

description ioc process

Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 1 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2077438316-259605770-1264560426-1000\{66678AD7-799F-420B-B8E2-D06FD8C05733}	chrome.exe

Suspicious behavior: EnumeratesProcesses 9 IoCs

Processes:

x360ce.exechrome.exe

pid process

3596 x360ce.exe
3596 x360ce.exe
3596 x360ce.exe
3596 x360ce.exe
3596 x360ce.exe
3596 x360ce.exe
3596 x360ce.exe
2152 chrome.exe
2152 chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

Processes:

chrome.exe

pid	process
2152	chrome.exe
2152	chrome.exe
2152	chrome.exe
2152	chrome.exe
2152	chrome.exe
2152	chrome.exe
2152	chrome.exe
2152	chrome.exe
2152	chrome.exe
2152	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

x360ce.exechrome.exe

description	pid	process
Token: SeDebugPrivilege	3596	x360ce.exe
Token: SeShutdownPrivilege	2152	chrome.exe
Token: SeCreatePagefilePrivilege	2152	chrome.exe
Token: SeShutdownPrivilege	2152	chrome.exe
Token: SeCreatePagefilePrivilege	2152	chrome.exe
Token: SeShutdownPrivilege	2152	chrome.exe
Token: SeCreatePagefilePrivilege	2152	chrome.exe
Token: SeShutdownPrivilege	2152	chrome.exe
Token: SeCreatePagefilePrivilege	2152	chrome.exe
Token: SeShutdownPrivilege	2152	chrome.exe
Token: SeCreatePagefilePrivilege	2152	chrome.exe
Token: SeShutdownPrivilege	2152	chrome.exe
Token: SeCreatePagefilePrivilege	2152	chrome.exe
Token: SeShutdownPrivilege	2152	chrome.exe
Token: SeCreatePagefilePrivilege	2152	chrome.exe
Token: SeShutdownPrivilege	2152	chrome.exe
Token: SeCreatePagefilePrivilege	2152	chrome.exe
Token: SeShutdownPrivilege	2152	chrome.exe
Token: SeCreatePagefilePrivilege	2152	chrome.exe
Token: SeShutdownPrivilege	2152	chrome.exe
Token: SeCreatePagefilePrivilege	2152	chrome.exe
Token: SeShutdownPrivilege	2152	chrome.exe
Token: SeCreatePagefilePrivilege	2152	chrome.exe
Token: SeShutdownPrivilege	2152	chrome.exe
Token: SeCreatePagefilePrivilege	2152	chrome.exe
Token: SeShutdownPrivilege	2152	chrome.exe
Token: SeCreatePagefilePrivilege	2152	chrome.exe
Token: SeShutdownPrivilege	2152	chrome.exe
Token: SeCreatePagefilePrivilege	2152	chrome.exe
Token: SeShutdownPrivilege	2152	chrome.exe
Token: SeCreatePagefilePrivilege	2152	chrome.exe
Token: SeShutdownPrivilege	2152	chrome.exe
Token: SeCreatePagefilePrivilege	2152	chrome.exe
Token: SeShutdownPrivilege	2152	chrome.exe
Token: SeCreatePagefilePrivilege	2152	chrome.exe
Token: SeShutdownPrivilege	2152	chrome.exe
Token: SeCreatePagefilePrivilege	2152	chrome.exe
Token: SeShutdownPrivilege	2152	chrome.exe
Token: SeCreatePagefilePrivilege	2152	chrome.exe
Token: SeShutdownPrivilege	2152	chrome.exe
Token: SeCreatePagefilePrivilege	2152	chrome.exe
Token: SeShutdownPrivilege	2152	chrome.exe
Token: SeCreatePagefilePrivilege	2152	chrome.exe
Token: SeShutdownPrivilege	2152	chrome.exe
Token: SeCreatePagefilePrivilege	2152	chrome.exe
Token: SeShutdownPrivilege	2152	chrome.exe
Token: SeCreatePagefilePrivilege	2152	chrome.exe
Token: SeShutdownPrivilege	2152	chrome.exe
Token: SeCreatePagefilePrivilege	2152	chrome.exe
Token: SeShutdownPrivilege	2152	chrome.exe
Token: SeCreatePagefilePrivilege	2152	chrome.exe
Token: SeShutdownPrivilege	2152	chrome.exe
Token: SeCreatePagefilePrivilege	2152	chrome.exe
Token: SeShutdownPrivilege	2152	chrome.exe
Token: SeCreatePagefilePrivilege	2152	chrome.exe
Token: SeShutdownPrivilege	2152	chrome.exe
Token: SeCreatePagefilePrivilege	2152	chrome.exe
Token: SeShutdownPrivilege	2152	chrome.exe
Token: SeCreatePagefilePrivilege	2152	chrome.exe
Token: SeShutdownPrivilege	2152	chrome.exe
Token: SeCreatePagefilePrivilege	2152	chrome.exe
Token: SeShutdownPrivilege	2152	chrome.exe
Token: SeCreatePagefilePrivilege	2152	chrome.exe
Token: SeShutdownPrivilege	2152	chrome.exe

Suspicious use of FindShellTrayWindow 30 IoCs

Processes:

x360ce.exechrome.exe

pid	process
3596	x360ce.exe
3596	x360ce.exe
3596	x360ce.exe
2152	chrome.exe
2152	chrome.exe
2152	chrome.exe
2152	chrome.exe
2152	chrome.exe
2152	chrome.exe
2152	chrome.exe
2152	chrome.exe
2152	chrome.exe
2152	chrome.exe
2152	chrome.exe
2152	chrome.exe
2152	chrome.exe
2152	chrome.exe
2152	chrome.exe
2152	chrome.exe
2152	chrome.exe
2152	chrome.exe
2152	chrome.exe
2152	chrome.exe
2152	chrome.exe
2152	chrome.exe
2152	chrome.exe
2152	chrome.exe
2152	chrome.exe
2152	chrome.exe
2152	chrome.exe

Suspicious use of SendNotifyMessage 26 IoCs

Processes:

x360ce.exechrome.exe

pid	process
3596	x360ce.exe
3596	x360ce.exe
2152	chrome.exe
2152	chrome.exe
2152	chrome.exe
2152	chrome.exe
2152	chrome.exe
2152	chrome.exe
2152	chrome.exe
2152	chrome.exe
2152	chrome.exe
2152	chrome.exe
2152	chrome.exe
2152	chrome.exe
2152	chrome.exe
2152	chrome.exe
2152	chrome.exe
2152	chrome.exe
2152	chrome.exe
2152	chrome.exe
2152	chrome.exe
2152	chrome.exe
2152	chrome.exe
2152	chrome.exe
2152	chrome.exe
2152	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

x360ce.exe

pid process

3596 x360ce.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 2152 wrote to memory of 1176	2152	chrome.exe	chrome.exe
PID 2152 wrote to memory of 1176	2152	chrome.exe	chrome.exe
PID 2152 wrote to memory of 2844	2152	chrome.exe	chrome.exe
PID 2152 wrote to memory of 2844	2152	chrome.exe	chrome.exe
PID 2152 wrote to memory of 2844	2152	chrome.exe	chrome.exe
PID 2152 wrote to memory of 2844	2152	chrome.exe	chrome.exe
PID 2152 wrote to memory of 2844	2152	chrome.exe	chrome.exe
PID 2152 wrote to memory of 2844	2152	chrome.exe	chrome.exe
PID 2152 wrote to memory of 2844	2152	chrome.exe	chrome.exe
PID 2152 wrote to memory of 2844	2152	chrome.exe	chrome.exe
PID 2152 wrote to memory of 2844	2152	chrome.exe	chrome.exe
PID 2152 wrote to memory of 2844	2152	chrome.exe	chrome.exe
PID 2152 wrote to memory of 2844	2152	chrome.exe	chrome.exe
PID 2152 wrote to memory of 2844	2152	chrome.exe	chrome.exe
PID 2152 wrote to memory of 2844	2152	chrome.exe	chrome.exe
PID 2152 wrote to memory of 2844	2152	chrome.exe	chrome.exe
PID 2152 wrote to memory of 2844	2152	chrome.exe	chrome.exe
PID 2152 wrote to memory of 2844	2152	chrome.exe	chrome.exe
PID 2152 wrote to memory of 2844	2152	chrome.exe	chrome.exe
PID 2152 wrote to memory of 2844	2152	chrome.exe	chrome.exe
PID 2152 wrote to memory of 2844	2152	chrome.exe	chrome.exe
PID 2152 wrote to memory of 2844	2152	chrome.exe	chrome.exe
PID 2152 wrote to memory of 2844	2152	chrome.exe	chrome.exe
PID 2152 wrote to memory of 2844	2152	chrome.exe	chrome.exe
PID 2152 wrote to memory of 2844	2152	chrome.exe	chrome.exe
PID 2152 wrote to memory of 2844	2152	chrome.exe	chrome.exe
PID 2152 wrote to memory of 2844	2152	chrome.exe	chrome.exe
PID 2152 wrote to memory of 2844	2152	chrome.exe	chrome.exe
PID 2152 wrote to memory of 2844	2152	chrome.exe	chrome.exe
PID 2152 wrote to memory of 2844	2152	chrome.exe	chrome.exe
PID 2152 wrote to memory of 2844	2152	chrome.exe	chrome.exe
PID 2152 wrote to memory of 2844	2152	chrome.exe	chrome.exe
PID 2152 wrote to memory of 644	2152	chrome.exe	chrome.exe
PID 2152 wrote to memory of 644	2152	chrome.exe	chrome.exe
PID 2152 wrote to memory of 1752	2152	chrome.exe	chrome.exe
PID 2152 wrote to memory of 1752	2152	chrome.exe	chrome.exe
PID 2152 wrote to memory of 1752	2152	chrome.exe	chrome.exe
PID 2152 wrote to memory of 1752	2152	chrome.exe	chrome.exe
PID 2152 wrote to memory of 1752	2152	chrome.exe	chrome.exe
PID 2152 wrote to memory of 1752	2152	chrome.exe	chrome.exe
PID 2152 wrote to memory of 1752	2152	chrome.exe	chrome.exe
PID 2152 wrote to memory of 1752	2152	chrome.exe	chrome.exe
PID 2152 wrote to memory of 1752	2152	chrome.exe	chrome.exe
PID 2152 wrote to memory of 1752	2152	chrome.exe	chrome.exe
PID 2152 wrote to memory of 1752	2152	chrome.exe	chrome.exe
PID 2152 wrote to memory of 1752	2152	chrome.exe	chrome.exe
PID 2152 wrote to memory of 1752	2152	chrome.exe	chrome.exe
PID 2152 wrote to memory of 1752	2152	chrome.exe	chrome.exe
PID 2152 wrote to memory of 1752	2152	chrome.exe	chrome.exe
PID 2152 wrote to memory of 1752	2152	chrome.exe	chrome.exe
PID 2152 wrote to memory of 1752	2152	chrome.exe	chrome.exe
PID 2152 wrote to memory of 1752	2152	chrome.exe	chrome.exe
PID 2152 wrote to memory of 1752	2152	chrome.exe	chrome.exe
PID 2152 wrote to memory of 1752	2152	chrome.exe	chrome.exe
PID 2152 wrote to memory of 1752	2152	chrome.exe	chrome.exe
PID 2152 wrote to memory of 1752	2152	chrome.exe	chrome.exe
PID 2152 wrote to memory of 1752	2152	chrome.exe	chrome.exe
PID 2152 wrote to memory of 1752	2152	chrome.exe	chrome.exe
PID 2152 wrote to memory of 1752	2152	chrome.exe	chrome.exe
PID 2152 wrote to memory of 1752	2152	chrome.exe	chrome.exe
PID 2152 wrote to memory of 1752	2152	chrome.exe	chrome.exe
PID 2152 wrote to memory of 1752	2152	chrome.exe	chrome.exe
PID 2152 wrote to memory of 1752	2152	chrome.exe	chrome.exe
PID 2152 wrote to memory of 1752	2152	chrome.exe	chrome.exe

C:\Users\Admin\AppData\Local\Temp\x360ce.exe
"C:\Users\Admin\AppData\Local\Temp\x360ce.exe"
1⤵
- Drops file in Windows directory
- Loads dropped DLL
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:3596

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2152

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffc1618cc40,0x7ffc1618cc4c,0x7ffc1618cc58
2⤵
PID:1176

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1916,i,15423631888016356701,9023926650021412729,262144 --variations-seed-version=20240730-050116.493000 --mojo-platform-channel-handle=1896 /prefetch:2
2⤵
PID:2844

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2200,i,15423631888016356701,9023926650021412729,262144 --variations-seed-version=20240730-050116.493000 --mojo-platform-channel-handle=2212 /prefetch:3
2⤵
PID:644

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2272,i,15423631888016356701,9023926650021412729,262144 --variations-seed-version=20240730-050116.493000 --mojo-platform-channel-handle=2472 /prefetch:8
2⤵
PID:1752

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3180,i,15423631888016356701,9023926650021412729,262144 --variations-seed-version=20240730-050116.493000 --mojo-platform-channel-handle=3192 /prefetch:1
2⤵
PID:2980

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3336,i,15423631888016356701,9023926650021412729,262144 --variations-seed-version=20240730-050116.493000 --mojo-platform-channel-handle=3352 /prefetch:1
2⤵
PID:2576

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3736,i,15423631888016356701,9023926650021412729,262144 --variations-seed-version=20240730-050116.493000 --mojo-platform-channel-handle=3728 /prefetch:1
2⤵
PID:412

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4712,i,15423631888016356701,9023926650021412729,262144 --variations-seed-version=20240730-050116.493000 --mojo-platform-channel-handle=4552 /prefetch:1
2⤵
PID:3160

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3080,i,15423631888016356701,9023926650021412729,262144 --variations-seed-version=20240730-050116.493000 --mojo-platform-channel-handle=3188 /prefetch:8
2⤵
PID:5028

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4904,i,15423631888016356701,9023926650021412729,262144 --variations-seed-version=20240730-050116.493000 --mojo-platform-channel-handle=4916 /prefetch:8
2⤵
PID:2792

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=4052,i,15423631888016356701,9023926650021412729,262144 --variations-seed-version=20240730-050116.493000 --mojo-platform-channel-handle=3188 /prefetch:1
2⤵
PID:3604

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=4996,i,15423631888016356701,9023926650021412729,262144 --variations-seed-version=20240730-050116.493000 --mojo-platform-channel-handle=4956 /prefetch:1
2⤵
PID:2404

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=5028,i,15423631888016356701,9023926650021412729,262144 --variations-seed-version=20240730-050116.493000 --mojo-platform-channel-handle=4868 /prefetch:1
2⤵
PID:2840

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=5056,i,15423631888016356701,9023926650021412729,262144 --variations-seed-version=20240730-050116.493000 --mojo-platform-channel-handle=4928 /prefetch:8
2⤵
PID:2144

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4748,i,15423631888016356701,9023926650021412729,262144 --variations-seed-version=20240730-050116.493000 --mojo-platform-channel-handle=4944 /prefetch:8
2⤵
- Modifies registry class
PID:916

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=4764,i,15423631888016356701,9023926650021412729,262144 --variations-seed-version=20240730-050116.493000 --mojo-platform-channel-handle=4564 /prefetch:1
2⤵
PID:3352

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5224,i,15423631888016356701,9023926650021412729,262144 --variations-seed-version=20240730-050116.493000 --mojo-platform-channel-handle=4644 /prefetch:1
2⤵
PID:3240

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=5500,i,15423631888016356701,9023926650021412729,262144 --variations-seed-version=20240730-050116.493000 --mojo-platform-channel-handle=5484 /prefetch:1
2⤵
PID:368

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"
1⤵
PID:4308

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:2100

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\X360CE\Temp\ViGEmClient.dll.84A31178\ViGEmClient.dll
Filesize
29KB

MD5
a8781afcba77ccb180939fdbd5767168

SHA1
3cb4fe39072f12309910dbe91ce44d16163d64d5

SHA256
02b50cbe797600959f43148991924d93407f04776e879bce7b979f30dd536ba9

SHA512
8184e22bb4adfcb40d0e0108d2b97c834cba8ab1e60fee5fd23332348298a0b971bd1d15991d8d02a1bc1cc504b2d34729ed1b8fea2c6adb57e36c33ac9559e9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001
Filesize
210KB

MD5
5ac828ee8e3812a5b225161caf6c61da

SHA1
86e65f22356c55c21147ce97903f5dbdf363649f

SHA256
b70465f707e42b41529b4e6d592f136d9eb307c39d040d147ad3c42842b723e7

SHA512
87472912277ae0201c2a41edc228720809b8a94599c54b06a9c509ff3b4a616fcdd10484b679fa0d436e472a8fc062f4b9cf7f4fa274dde6d10f77d378c06aa6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
816B

MD5
460f6c50c85d4a009fa3d5e3a39df718

SHA1
16159d64de97033b48fc652ca8267a5dd1827997

SHA256
06f6c262bf696aa7a35e5962a96e0e77f45a3e1b944822dc1ff9bf6a6930c5ad

SHA512
ccf5474eba87f5761aa27944a249b195b5249257c1b8a1ef77c912e34df15b4f81410cf9c83f91a8a871f49dec4260eefaf3a652cf3817b319e1c991d20c3e04

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
7KB

MD5
8a66e922e46786faf775c2efab36fc6d

SHA1
03dc94ec4d8bfa752b13a8fe889eca95df4b8804

SHA256
b34460320cab1dad1c96dbdbbbcdfa5a4d5d86d8715fbd8b1211e6e5c1f3d13d

SHA512
9fe0cc39712f3495f2d78b448bbf1f59bce5e38543f83664832f4dd5ae4734f4fc6d874e9524967ac3b1a7249ba03f7a92a8cf5b0f92c7078beed0d4848ac89b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
7339caa88ac87e534c874bc667aa95e0

SHA1
b39395a9782ce1ee8a3db2a69ec74b6e651ef83c

SHA256
b2656f7686270c98f61f7028c0ed536069638718adb8ee15fdef5cf74d07675f

SHA512
0039dd9aa1e3bf607ad08da380876d5767e133c022b66ffaf1b7fd89c0613634b9a6e6742286898954075021a0cb75d377585aa0f057034eb53677f09a3fb68c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
354B

MD5
6200a1cfa2792973fc0de5d98318c479

SHA1
376bcc0c43aee21397cae8c2beb5504368a15f07

SHA256
51b3cac45a68d31a4eee5ec3c62d881f63034a5e7866dbf9d8308eb3239db4cf

SHA512
f28dc3817b6d0ba2a351466babb603ed1fe0725942f91683b1aa4dd9bbc05c6a7084cba3f82254cab71577643672bda8a08effa0342c43c1f16f951491e2e9e5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
850B

MD5
4f42ff0800e08f349406b83d91de59c5

SHA1
cf73a26b89175a6ec7e0214df296de8fcd1abf4e

SHA256
59934520010793823d2a232cdab724adf0b7f610c3b5c50ee5c6d7a8f225d358

SHA512
ac4a079c6475dd0ac89aad0639a6d991a39d2bb7334661167511eb41378086a436c75a2003b44bf31fa659ecc6f50b998dc663a506d044904d573ef186a4b768

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
8KB

MD5
6e712df1af297f7a927a6d211a627ae6

SHA1
a9af567d13f7bf92b6853f055782da5c0c6571d7

SHA256
a2fea08ded076cd46e3f4aaf5168930ef1e4343957f7189d620cda5b93bd7e7a

SHA512
aad86027921854f5ead6828f91ef5313154d01698eb99a43f03ee2cbb38c439f1270e158fa8edce45321d3aa5c3f6e28305bd82436806e2bf779b83ca5529101

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
8KB

MD5
648323ffc2416f0914e90c2ab67e0080

SHA1
c1dd1ac541ece858f0d93d6f30c6e6c8e7b9de78

SHA256
4c4406d97675d24e82fe3d30d60bb30353f442095b4f77c96b6ffc77f10167fc

SHA512
08f2cfbb01ea3bbc182754b25a7f104d6378fe6cb90845ba7f03952091bae01b0f07334adca3e805e352f3e5c70d5dae5ef2785bd31431bec6bae81239ae60d7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
9KB

MD5
84aad74b072ece7780efd9b339b6ce2e

SHA1
67356fa85baee1ff3159a6fdf49fd87f95417176

SHA256
841d083e09f4177e86e80e405d0a2b93bc640605b8b06e1a442a44c485b4c7a2

SHA512
359a5c65b4ff50b9e4e4f6dc3b356356e1a8b4f128b9ad0dc939988be1a80d8f7832f152ffb07864730f5babeb09603678fe15f432923df60945ba08d6e4ef2f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
197KB

MD5
08614610d8d16ee31361f2c010ee599b

SHA1
ca77671bdebe135f3c7b0b43ad1b39be885b099e

SHA256
3bf9e23a2341be7d4a28deeefd8912a5d1cbc2ae6172ad9fc447d1f9633acae5

SHA512
b4ce1122593f7b70b4d1d356957b7ec36d8800f1c049d18230bbed6803edc24ac5274e9fd465388216e2af2a900ba956b9bd9bb348e3d7f92ab55a9806c6093a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
197KB

MD5
0798d9ff43d1f1d5d4b6eae5f5abdf12

SHA1
412a9701c54fb2700775cd2cbc997b4e09bc60fa

SHA256
3014514b19da718d6a5476a55623d2cb598a8ec1e3a873cefb7c62d324a31a77

SHA512
56a35027ebe71be063e182897814c49a2186b82375a60c5db6a0f0551ec0b88b003d07013f2a98485f949ab4259c6491946f424faef37cd336c8eec1681ac21d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
197KB

MD5
d9686dee0bddec3559ff22038fdcfd48

SHA1
d9078123b7fa1005dc512f5cde7d69ac292a0eb7

SHA256
4a1f11b1a40627adadc74aa807dfd253fd44fd3b29dba70ed9304b10cc987cf4

SHA512
b38806a2daddf3013fcdd5901cce49a8407142a0f2414bcb2fe24401f909151798f2f03b21c54bf163680d0f81705c921bf7dd11f10b28f78803dcabacb36037

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1
Filesize
264KB

MD5
74a32522d8c59ed80dcca6e8e374349a

SHA1
b8cf574b093b090d19d55dbe21868047ab1ae2fc

SHA256
2a8e666914e39cc899fbc3de1d4f0835f912fa4ce078710f004ecc840a4dc84a

SHA512
4ce42c95cca36d79221dac5a3d2e75656108921a0622baafe7a39f20d9110d77e66dc3c9691273d6b7fdff4323c08ee7089d1c3a97e4f7558409a60fd22ef8e5

Download Submit
\??\pipe\crashpad_2152_XVGBTPHFIJLQIAZI
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/3596-28-0x00007FFC064E0000-0x00007FFC06FA1000-memory.dmp

Filesize
10.8MB

Download
memory/3596-27-0x000001F04D510000-0x000001F04D518000-memory.dmp

Filesize
32KB

Download
memory/3596-22-0x000001F04D5C0000-0x000001F04D5DC000-memory.dmp

Filesize
112KB

Download
memory/3596-12-0x00007FFC064E0000-0x00007FFC06FA1000-memory.dmp

Filesize
10.8MB

Download
memory/3596-9-0x000001F04D550000-0x000001F04D570000-memory.dmp

Filesize
128KB

Download
memory/3596-23-0x000001F04D5E0000-0x000001F04D60C000-memory.dmp

Filesize
176KB

Download
memory/3596-8-0x00007FFC064E0000-0x00007FFC06FA1000-memory.dmp

Filesize
10.8MB

Download
memory/3596-6-0x000001F04D780000-0x000001F04D7CA000-memory.dmp

Filesize
296KB

Download
memory/3596-0-0x00007FFC064E3000-0x00007FFC064E5000-memory.dmp

Filesize
8KB

Download
memory/3596-55-0x00007FFC064E0000-0x00007FFC06FA1000-memory.dmp

Filesize
10.8MB

Download
memory/3596-4-0x000001F04C320000-0x000001F04C6FA000-memory.dmp

Filesize
3.9MB

Download
memory/3596-26-0x00007FFC064E0000-0x00007FFC06FA1000-memory.dmp

Filesize
10.8MB

Download
memory/3596-25-0x000001F050190000-0x000001F0501B2000-memory.dmp

Filesize
136KB

Download
memory/3596-3-0x00007FFC064E0000-0x00007FFC06FA1000-memory.dmp

Filesize
10.8MB

Download
memory/3596-2-0x000001F04BD60000-0x000001F04BEF2000-memory.dmp

Filesize
1.6MB

Download
memory/3596-1-0x000001F0308D0000-0x000001F031792000-memory.dmp

Filesize
14.8MB

Download
memory/3596-24-0x000001F050110000-0x000001F05015A000-memory.dmp

Filesize
296KB

Download