hxxps://needlejuicerecords[.]com/pages/friday-night-funkin

Resubmissions

30-06-2024 10:57

240630-m2fycswgpd 1

30-06-2024 10:56

240630-m1ptwawgnh 4

30-06-2024 00:25

240630-aq5fcszgmf 10

Analysis

max time kernel
1787s
max time network
1797s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
30-06-2024 10:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://needlejuicerecords.com/pages/friday-night-funkin

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133642186657806295"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4988	chrome.exe
4988	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 36 IoCs

pid	Process
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4988	chrome.exe
Token: SeCreatePagefilePrivilege	4988	chrome.exe
Token: SeShutdownPrivilege	4988	chrome.exe
Token: SeCreatePagefilePrivilege	4988	chrome.exe
Token: SeShutdownPrivilege	4988	chrome.exe
Token: SeCreatePagefilePrivilege	4988	chrome.exe
Token: SeShutdownPrivilege	4988	chrome.exe
Token: SeCreatePagefilePrivilege	4988	chrome.exe
Token: SeShutdownPrivilege	4988	chrome.exe
Token: SeCreatePagefilePrivilege	4988	chrome.exe
Token: SeShutdownPrivilege	4988	chrome.exe
Token: SeCreatePagefilePrivilege	4988	chrome.exe
Token: SeShutdownPrivilege	4988	chrome.exe
Token: SeCreatePagefilePrivilege	4988	chrome.exe
Token: SeShutdownPrivilege	4988	chrome.exe
Token: SeCreatePagefilePrivilege	4988	chrome.exe
Token: SeShutdownPrivilege	4988	chrome.exe
Token: SeCreatePagefilePrivilege	4988	chrome.exe
Token: SeShutdownPrivilege	4988	chrome.exe
Token: SeCreatePagefilePrivilege	4988	chrome.exe
Token: SeShutdownPrivilege	4988	chrome.exe
Token: SeCreatePagefilePrivilege	4988	chrome.exe
Token: SeShutdownPrivilege	4988	chrome.exe
Token: SeCreatePagefilePrivilege	4988	chrome.exe
Token: SeShutdownPrivilege	4988	chrome.exe
Token: SeCreatePagefilePrivilege	4988	chrome.exe
Token: SeShutdownPrivilege	4988	chrome.exe
Token: SeCreatePagefilePrivilege	4988	chrome.exe
Token: SeShutdownPrivilege	4988	chrome.exe
Token: SeCreatePagefilePrivilege	4988	chrome.exe
Token: SeShutdownPrivilege	4988	chrome.exe
Token: SeCreatePagefilePrivilege	4988	chrome.exe
Token: SeShutdownPrivilege	4988	chrome.exe
Token: SeCreatePagefilePrivilege	4988	chrome.exe
Token: SeShutdownPrivilege	4988	chrome.exe
Token: SeCreatePagefilePrivilege	4988	chrome.exe
Token: SeShutdownPrivilege	4988	chrome.exe
Token: SeCreatePagefilePrivilege	4988	chrome.exe
Token: SeShutdownPrivilege	4988	chrome.exe
Token: SeCreatePagefilePrivilege	4988	chrome.exe
Token: SeShutdownPrivilege	4988	chrome.exe
Token: SeCreatePagefilePrivilege	4988	chrome.exe
Token: SeShutdownPrivilege	4988	chrome.exe
Token: SeCreatePagefilePrivilege	4988	chrome.exe
Token: SeShutdownPrivilege	4988	chrome.exe
Token: SeCreatePagefilePrivilege	4988	chrome.exe
Token: SeShutdownPrivilege	4988	chrome.exe
Token: SeCreatePagefilePrivilege	4988	chrome.exe
Token: SeShutdownPrivilege	4988	chrome.exe
Token: SeCreatePagefilePrivilege	4988	chrome.exe
Token: SeShutdownPrivilege	4988	chrome.exe
Token: SeCreatePagefilePrivilege	4988	chrome.exe
Token: SeShutdownPrivilege	4988	chrome.exe
Token: SeCreatePagefilePrivilege	4988	chrome.exe
Token: SeShutdownPrivilege	4988	chrome.exe
Token: SeCreatePagefilePrivilege	4988	chrome.exe
Token: SeShutdownPrivilege	4988	chrome.exe
Token: SeCreatePagefilePrivilege	4988	chrome.exe
Token: SeShutdownPrivilege	4988	chrome.exe
Token: SeCreatePagefilePrivilege	4988	chrome.exe
Token: SeShutdownPrivilege	4988	chrome.exe
Token: SeCreatePagefilePrivilege	4988	chrome.exe
Token: SeShutdownPrivilege	4988	chrome.exe
Token: SeCreatePagefilePrivilege	4988	chrome.exe

Suspicious use of FindShellTrayWindow 27 IoCs

pid	Process
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4988 wrote to memory of 4864	4988	chrome.exe	82
PID 4988 wrote to memory of 4864	4988	chrome.exe	82
PID 4988 wrote to memory of 2012	4988	chrome.exe	83
PID 4988 wrote to memory of 2012	4988	chrome.exe	83
PID 4988 wrote to memory of 2012	4988	chrome.exe	83
PID 4988 wrote to memory of 2012	4988	chrome.exe	83
PID 4988 wrote to memory of 2012	4988	chrome.exe	83
PID 4988 wrote to memory of 2012	4988	chrome.exe	83
PID 4988 wrote to memory of 2012	4988	chrome.exe	83
PID 4988 wrote to memory of 2012	4988	chrome.exe	83
PID 4988 wrote to memory of 2012	4988	chrome.exe	83
PID 4988 wrote to memory of 2012	4988	chrome.exe	83
PID 4988 wrote to memory of 2012	4988	chrome.exe	83
PID 4988 wrote to memory of 2012	4988	chrome.exe	83
PID 4988 wrote to memory of 2012	4988	chrome.exe	83
PID 4988 wrote to memory of 2012	4988	chrome.exe	83
PID 4988 wrote to memory of 2012	4988	chrome.exe	83
PID 4988 wrote to memory of 2012	4988	chrome.exe	83
PID 4988 wrote to memory of 2012	4988	chrome.exe	83
PID 4988 wrote to memory of 2012	4988	chrome.exe	83
PID 4988 wrote to memory of 2012	4988	chrome.exe	83
PID 4988 wrote to memory of 2012	4988	chrome.exe	83
PID 4988 wrote to memory of 2012	4988	chrome.exe	83
PID 4988 wrote to memory of 2012	4988	chrome.exe	83
PID 4988 wrote to memory of 2012	4988	chrome.exe	83
PID 4988 wrote to memory of 2012	4988	chrome.exe	83
PID 4988 wrote to memory of 2012	4988	chrome.exe	83
PID 4988 wrote to memory of 2012	4988	chrome.exe	83
PID 4988 wrote to memory of 2012	4988	chrome.exe	83
PID 4988 wrote to memory of 2012	4988	chrome.exe	83
PID 4988 wrote to memory of 2012	4988	chrome.exe	83
PID 4988 wrote to memory of 2012	4988	chrome.exe	83
PID 4988 wrote to memory of 2012	4988	chrome.exe	83
PID 4988 wrote to memory of 1076	4988	chrome.exe	84
PID 4988 wrote to memory of 1076	4988	chrome.exe	84
PID 4988 wrote to memory of 3344	4988	chrome.exe	85
PID 4988 wrote to memory of 3344	4988	chrome.exe	85
PID 4988 wrote to memory of 3344	4988	chrome.exe	85
PID 4988 wrote to memory of 3344	4988	chrome.exe	85
PID 4988 wrote to memory of 3344	4988	chrome.exe	85
PID 4988 wrote to memory of 3344	4988	chrome.exe	85
PID 4988 wrote to memory of 3344	4988	chrome.exe	85
PID 4988 wrote to memory of 3344	4988	chrome.exe	85
PID 4988 wrote to memory of 3344	4988	chrome.exe	85
PID 4988 wrote to memory of 3344	4988	chrome.exe	85
PID 4988 wrote to memory of 3344	4988	chrome.exe	85
PID 4988 wrote to memory of 3344	4988	chrome.exe	85
PID 4988 wrote to memory of 3344	4988	chrome.exe	85
PID 4988 wrote to memory of 3344	4988	chrome.exe	85
PID 4988 wrote to memory of 3344	4988	chrome.exe	85
PID 4988 wrote to memory of 3344	4988	chrome.exe	85
PID 4988 wrote to memory of 3344	4988	chrome.exe	85
PID 4988 wrote to memory of 3344	4988	chrome.exe	85
PID 4988 wrote to memory of 3344	4988	chrome.exe	85
PID 4988 wrote to memory of 3344	4988	chrome.exe	85
PID 4988 wrote to memory of 3344	4988	chrome.exe	85
PID 4988 wrote to memory of 3344	4988	chrome.exe	85
PID 4988 wrote to memory of 3344	4988	chrome.exe	85
PID 4988 wrote to memory of 3344	4988	chrome.exe	85
PID 4988 wrote to memory of 3344	4988	chrome.exe	85
PID 4988 wrote to memory of 3344	4988	chrome.exe	85
PID 4988 wrote to memory of 3344	4988	chrome.exe	85
PID 4988 wrote to memory of 3344	4988	chrome.exe	85
PID 4988 wrote to memory of 3344	4988	chrome.exe	85

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://needlejuicerecords.com/pages/friday-night-funkin
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc4ec4ab58,0x7ffc4ec4ab68,0x7ffc4ec4ab78
  2⤵
  PID:4864
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1720 --field-trial-handle=1924,i,6132030945948210413,1938652907890784109,131072 /prefetch:2
  2⤵
  PID:2012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1944 --field-trial-handle=1924,i,6132030945948210413,1938652907890784109,131072 /prefetch:8
  2⤵
  PID:1076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2248 --field-trial-handle=1924,i,6132030945948210413,1938652907890784109,131072 /prefetch:8
  2⤵
  PID:3344
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2876 --field-trial-handle=1924,i,6132030945948210413,1938652907890784109,131072 /prefetch:1
  2⤵
  PID:4412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2884 --field-trial-handle=1924,i,6132030945948210413,1938652907890784109,131072 /prefetch:1
  2⤵
  PID:2396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4292 --field-trial-handle=1924,i,6132030945948210413,1938652907890784109,131072 /prefetch:8
  2⤵
  PID:4520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4444 --field-trial-handle=1924,i,6132030945948210413,1938652907890784109,131072 /prefetch:8
  2⤵
  PID:808
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4432 --field-trial-handle=1924,i,6132030945948210413,1938652907890784109,131072 /prefetch:1
  2⤵
  PID:1796
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3108 --field-trial-handle=1924,i,6132030945948210413,1938652907890784109,131072 /prefetch:1
  2⤵
  PID:748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4076 --field-trial-handle=1924,i,6132030945948210413,1938652907890784109,131072 /prefetch:1
  2⤵
  PID:3832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4560 --field-trial-handle=1924,i,6132030945948210413,1938652907890784109,131072 /prefetch:1
  2⤵
  PID:4128
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4620 --field-trial-handle=1924,i,6132030945948210413,1938652907890784109,131072 /prefetch:1
  2⤵
  PID:3400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3200 --field-trial-handle=1924,i,6132030945948210413,1938652907890784109,131072 /prefetch:1
  2⤵
  PID:544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4772 --field-trial-handle=1924,i,6132030945948210413,1938652907890784109,131072 /prefetch:1
  2⤵
  PID:1872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=4872 --field-trial-handle=1924,i,6132030945948210413,1938652907890784109,131072 /prefetch:1
  2⤵
  PID:2608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=4900 --field-trial-handle=1924,i,6132030945948210413,1938652907890784109,131072 /prefetch:1
  2⤵
  PID:4296
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=4432 --field-trial-handle=1924,i,6132030945948210413,1938652907890784109,131072 /prefetch:1
  2⤵
  PID:1912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=4792 --field-trial-handle=1924,i,6132030945948210413,1938652907890784109,131072 /prefetch:1
  2⤵
  PID:2736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=4724 --field-trial-handle=1924,i,6132030945948210413,1938652907890784109,131072 /prefetch:1
  2⤵
  PID:4016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=4560 --field-trial-handle=1924,i,6132030945948210413,1938652907890784109,131072 /prefetch:1
  2⤵
  PID:1760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=4792 --field-trial-handle=1924,i,6132030945948210413,1938652907890784109,131072 /prefetch:1
  2⤵
  PID:4872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=4940 --field-trial-handle=1924,i,6132030945948210413,1938652907890784109,131072 /prefetch:1
  2⤵
  PID:1120
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=4536 --field-trial-handle=1924,i,6132030945948210413,1938652907890784109,131072 /prefetch:1
  2⤵
  PID:60
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=2880 --field-trial-handle=1924,i,6132030945948210413,1938652907890784109,131072 /prefetch:1
  2⤵
  PID:392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=4444 --field-trial-handle=1924,i,6132030945948210413,1938652907890784109,131072 /prefetch:1
  2⤵
  PID:2252
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=4660 --field-trial-handle=1924,i,6132030945948210413,1938652907890784109,131072 /prefetch:1
  2⤵
  PID:3488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=4768 --field-trial-handle=1924,i,6132030945948210413,1938652907890784109,131072 /prefetch:1
  2⤵
  PID:2452
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=4852 --field-trial-handle=1924,i,6132030945948210413,1938652907890784109,131072 /prefetch:1
  2⤵
  PID:3056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=4500 --field-trial-handle=1924,i,6132030945948210413,1938652907890784109,131072 /prefetch:1
  2⤵
  PID:1816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=4672 --field-trial-handle=1924,i,6132030945948210413,1938652907890784109,131072 /prefetch:1
  2⤵
  PID:4396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=3120 --field-trial-handle=1924,i,6132030945948210413,1938652907890784109,131072 /prefetch:1
  2⤵
  PID:2272
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=4748 --field-trial-handle=1924,i,6132030945948210413,1938652907890784109,131072 /prefetch:1
  2⤵
  PID:2152
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --mojo-platform-channel-handle=4692 --field-trial-handle=1924,i,6132030945948210413,1938652907890784109,131072 /prefetch:1
  2⤵
  PID:388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --mojo-platform-channel-handle=4444 --field-trial-handle=1924,i,6132030945948210413,1938652907890784109,131072 /prefetch:1
  2⤵
  PID:2764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --mojo-platform-channel-handle=3068 --field-trial-handle=1924,i,6132030945948210413,1938652907890784109,131072 /prefetch:1
  2⤵
  PID:4332
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --mojo-platform-channel-handle=3056 --field-trial-handle=1924,i,6132030945948210413,1938652907890784109,131072 /prefetch:1
  2⤵
  PID:2396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --mojo-platform-channel-handle=3068 --field-trial-handle=1924,i,6132030945948210413,1938652907890784109,131072 /prefetch:1
  2⤵
  PID:756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --mojo-platform-channel-handle=4296 --field-trial-handle=1924,i,6132030945948210413,1938652907890784109,131072 /prefetch:1
  2⤵
  PID:1492
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --mojo-platform-channel-handle=4484 --field-trial-handle=1924,i,6132030945948210413,1938652907890784109,131072 /prefetch:1
  2⤵
  PID:4272
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4864 --field-trial-handle=1924,i,6132030945948210413,1938652907890784109,131072 /prefetch:8
  2⤵
  PID:3032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4052 --field-trial-handle=1924,i,6132030945948210413,1938652907890784109,131072 /prefetch:8
  2⤵
  PID:1416
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3196 --field-trial-handle=1924,i,6132030945948210413,1938652907890784109,131072 /prefetch:8
  2⤵
  PID:1672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --mojo-platform-channel-handle=4648 --field-trial-handle=1924,i,6132030945948210413,1938652907890784109,131072 /prefetch:1
  2⤵
  PID:3500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --mojo-platform-channel-handle=2660 --field-trial-handle=1924,i,6132030945948210413,1938652907890784109,131072 /prefetch:1
  2⤵
  PID:4756

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:4908

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
811B

MD5
e6b2e3d36c5c56e2de48776c953561f9

SHA1
9451b3d78e512028ebfdd13a6b52720af2c3bc6a

SHA256
52fc3ae50b2819592c590f8bd7a41a722e7407bcd14e07fa1ffbca05374296b0

SHA512
9df1c3cf5e55cd512cc2415fbd8d7970ddf38eefb71ec11202e8615dd60d6b4bad2ee81fdabd6eb91c1384917bea8383907a0df9079b19cfa3230f513bc2f483

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
3bebab8381bcde334cb783daa5e83166

SHA1
587f32404c3b25f4a6ed0a6b1828cb913d0925c0

SHA256
ee6ab1c2a2ff10024259c269718c5a237476bfca27f362387951a9267a1bd1b0

SHA512
bcbd23d3e9305881dc1a8f2eb7de0d6cbee8c05224642762541f1443adca33a56974992da2b834d92338d45b166af81a478526ac57b49198d3cfb19a769c3c06

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
637a52643c60b33f8e062866cc9e87e1

SHA1
c86131c0dff17f5a61c25755922f1579b63f44e6

SHA256
dfb5bc904b540a045e132b2d2812761910e5e182a48799f7cf6cccfb421ed742

SHA512
56123b077a2b25abb2c45d496d63a9ef26123bfda07892b551ea6814d91b3d09f7ce8bad3ea1a3dddad15e1ba07c8c63d424cd223ffd129b3234172078f27d76

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
257KB

MD5
bba7b70d106aa8f083339e0ac1eff8b3

SHA1
e4ef6f8ac6255d438ffc8eac6a774ab750a5de6a

SHA256
95d7ded7f4e0d32b9b0a47a76d7c18bd4cb756674c49ce207e9b91814e1d5774

SHA512
007bdc27552fdca35f9348c1e0e9172d57535dd3a67b26af6f9568692ee719d69b1d142f3f80473ac99a96ab5a27a33e6a1055b146f080244285bee7a1a0e58e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
257KB

MD5
b94be307218c9e3194efaba5248f6e56

SHA1
bbf6b8c21faf424dccd3f2475218090f8ebe3cb1

SHA256
df9da31fd2f8e7b8cfe165350fff26ddf1d90346f62f1547ebb99fbb42561c1e

SHA512
7eaa05f76d080f4045870ecd068501019ce41d57445af1134b8b031ac9a55230ed4bf8a81d7ce0433fced0e902640482182eae7d6b95aea66dcdf725ca1c0b18

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
257KB

MD5
9ae37ba4e346febed973c83ad79c473e

SHA1
465b3307a74b3d9f9ae0ae496f03a32d71dac3e4

SHA256
be440cdf26d1a514efaf09a59d6333e19115b42ea41af07efef1f9065ad5197c

SHA512
e508e4a4061c4a6aef28063bcc54ee78cebac39f031c88d95786e7d3dadbfd5db36b344b90481f0cf1d648754a379ea4a8d75161e7a004178a8d07431d6ccecd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
257KB

MD5
8be847e1ce474b0655b433af1a47452f

SHA1
580013c03eebd740d62ac40dd1e7ce7089fe038d

SHA256
53a90c3065d322a6f8fab29629c4578d49901fdb192217ee0aa1cc70df43c389

SHA512
1c0f0126a3353cf26144df5d8ffd3aeb2bec3bc43f4afbdb9e181cdf370fb82401a4a11013ad772e7d7acbd5e1a669cfffea65d5fac4e228641fac9d5d006ed2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
91KB

MD5
44c6018683001404a1af59a53a4121d4

SHA1
de4265c8bf33352d3dfbb2795724bf1fb747bec4

SHA256
1b5749b6b7fda9b7919062eea3f3985a01b065ccb163f3c25dbeccad5cfdae85

SHA512
b84f64fdb3022c07df0f7aec490f855db2fe0421f4330b46bbedb0aa78de456e3d66e5ad18ef5d69f77d2a4483c97ea79f1632aca484de510a4804982b862d5e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe57dafe.TMP

Filesize
88KB

MD5
2b7b7ad1e9b42abc3ff1ad413007a059

SHA1
0ca9720a1b14db00ed5ea08250606dd871db703f

SHA256
cf036326e460eaca194774ab0e3e8770fcebe6e6007553ddd574aee458b05c6c

SHA512
140ad014215ece6fe75ffc6ce2bf3be0aeca33ac1f6f20924da82983da79129982e8ff5717816df8656798519855e7150b55d1dc8c1e4a4967a001f112622f2d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
07527adda553c8e53b2b66b63e1b5f02

SHA1
e72aa737ecad9ae6be2c3af115e2f4b36d847774

SHA256
b8c7461fd4fe1614a9ffe5d48d7b22e064c46bdf8722e3ede8d1368f92d527fe

SHA512
5994568544abc6a82b80a7ef73a96827e734f3963e992152ef6a1b5792c7e55e3c4aa80d68aca36f5adbd1a6687c774b6fc02b3b71d03e8a80cc18b5929f22b4

Download Submit