hxxps://github[.]com/NordVPN-Crack-key

Resubmissions

15/03/2025, 15:46

250315-s7vllaxsey 10

15/03/2025, 15:34

250315-sztpbswzhs 6

Analysis

max time kernel
192s
max time network
193s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
15/03/2025, 15:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/NordVPN-Crack-key

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
78	href.li
80	href.li
81	href.li

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	chrome.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133865264935585745"	chrome.exe

Modifies registry class 6 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3218366390-1258052702-4267193707-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3218366390-1258052702-4267193707-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-3218366390-1258052702-4267193707-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-620072444-2846605723-1118207114-1642104096-81213792-2370344205-2712285428	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3218366390-1258052702-4267193707-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-620072444-2846605723-1118207114-1642104096-81213792-2370344205-2712285428\DisplayName = "Chrome Sandbox"	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3218366390-1258052702-4267193707-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-620072444-2846605723-1118207114-1642104096-81213792-2370344205-2712285428\Moniker = "cr.sb.odm3E4D1A088C1F6D498C84F3C86DE73CE49F82A104"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3218366390-1258052702-4267193707-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-620072444-2846605723-1118207114-1642104096-81213792-2370344205-2712285428\Children	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
4104	chrome.exe
4104	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
3888	7zFM.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs

pid	Process
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3008	chrome.exe
Token: SeCreatePagefilePrivilege	3008	chrome.exe
Token: SeShutdownPrivilege	3008	chrome.exe
Token: SeCreatePagefilePrivilege	3008	chrome.exe
Token: SeShutdownPrivilege	3008	chrome.exe
Token: SeCreatePagefilePrivilege	3008	chrome.exe
Token: SeShutdownPrivilege	3008	chrome.exe
Token: SeCreatePagefilePrivilege	3008	chrome.exe
Token: SeShutdownPrivilege	3008	chrome.exe
Token: SeCreatePagefilePrivilege	3008	chrome.exe
Token: SeShutdownPrivilege	3008	chrome.exe
Token: SeCreatePagefilePrivilege	3008	chrome.exe
Token: SeShutdownPrivilege	3008	chrome.exe
Token: SeCreatePagefilePrivilege	3008	chrome.exe
Token: SeShutdownPrivilege	3008	chrome.exe
Token: SeCreatePagefilePrivilege	3008	chrome.exe
Token: SeShutdownPrivilege	3008	chrome.exe
Token: SeCreatePagefilePrivilege	3008	chrome.exe
Token: SeShutdownPrivilege	3008	chrome.exe
Token: SeCreatePagefilePrivilege	3008	chrome.exe
Token: SeShutdownPrivilege	3008	chrome.exe
Token: SeCreatePagefilePrivilege	3008	chrome.exe
Token: SeShutdownPrivilege	3008	chrome.exe
Token: SeCreatePagefilePrivilege	3008	chrome.exe
Token: SeShutdownPrivilege	3008	chrome.exe
Token: SeCreatePagefilePrivilege	3008	chrome.exe
Token: SeShutdownPrivilege	3008	chrome.exe
Token: SeCreatePagefilePrivilege	3008	chrome.exe
Token: SeShutdownPrivilege	3008	chrome.exe
Token: SeCreatePagefilePrivilege	3008	chrome.exe
Token: SeShutdownPrivilege	3008	chrome.exe
Token: SeCreatePagefilePrivilege	3008	chrome.exe
Token: SeShutdownPrivilege	3008	chrome.exe
Token: SeCreatePagefilePrivilege	3008	chrome.exe
Token: SeShutdownPrivilege	3008	chrome.exe
Token: SeCreatePagefilePrivilege	3008	chrome.exe
Token: SeShutdownPrivilege	3008	chrome.exe
Token: SeCreatePagefilePrivilege	3008	chrome.exe
Token: SeShutdownPrivilege	3008	chrome.exe
Token: SeCreatePagefilePrivilege	3008	chrome.exe
Token: SeShutdownPrivilege	3008	chrome.exe
Token: SeCreatePagefilePrivilege	3008	chrome.exe
Token: SeShutdownPrivilege	3008	chrome.exe
Token: SeCreatePagefilePrivilege	3008	chrome.exe
Token: SeShutdownPrivilege	3008	chrome.exe
Token: SeCreatePagefilePrivilege	3008	chrome.exe
Token: SeShutdownPrivilege	3008	chrome.exe
Token: SeCreatePagefilePrivilege	3008	chrome.exe
Token: SeShutdownPrivilege	3008	chrome.exe
Token: SeCreatePagefilePrivilege	3008	chrome.exe
Token: SeShutdownPrivilege	3008	chrome.exe
Token: SeCreatePagefilePrivilege	3008	chrome.exe
Token: SeShutdownPrivilege	3008	chrome.exe
Token: SeCreatePagefilePrivilege	3008	chrome.exe
Token: SeShutdownPrivilege	3008	chrome.exe
Token: SeCreatePagefilePrivilege	3008	chrome.exe
Token: SeShutdownPrivilege	3008	chrome.exe
Token: SeCreatePagefilePrivilege	3008	chrome.exe
Token: SeShutdownPrivilege	3008	chrome.exe
Token: SeCreatePagefilePrivilege	3008	chrome.exe
Token: SeShutdownPrivilege	3008	chrome.exe
Token: SeCreatePagefilePrivilege	3008	chrome.exe
Token: SeShutdownPrivilege	3008	chrome.exe
Token: SeCreatePagefilePrivilege	3008	chrome.exe

Suspicious use of FindShellTrayWindow 36 IoCs

pid	Process
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3888	7zFM.exe
3888	7zFM.exe
2924	7zFM.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
6116	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3008 wrote to memory of 5240	3008	chrome.exe	84
PID 3008 wrote to memory of 5240	3008	chrome.exe	84
PID 3008 wrote to memory of 3320	3008	chrome.exe	86
PID 3008 wrote to memory of 3320	3008	chrome.exe	86
PID 3008 wrote to memory of 3320	3008	chrome.exe	86
PID 3008 wrote to memory of 3320	3008	chrome.exe	86
PID 3008 wrote to memory of 3320	3008	chrome.exe	86
PID 3008 wrote to memory of 3320	3008	chrome.exe	86
PID 3008 wrote to memory of 3320	3008	chrome.exe	86
PID 3008 wrote to memory of 3320	3008	chrome.exe	86
PID 3008 wrote to memory of 3320	3008	chrome.exe	86
PID 3008 wrote to memory of 3320	3008	chrome.exe	86
PID 3008 wrote to memory of 3320	3008	chrome.exe	86
PID 3008 wrote to memory of 3320	3008	chrome.exe	86
PID 3008 wrote to memory of 3320	3008	chrome.exe	86
PID 3008 wrote to memory of 3320	3008	chrome.exe	86
PID 3008 wrote to memory of 3320	3008	chrome.exe	86
PID 3008 wrote to memory of 3320	3008	chrome.exe	86
PID 3008 wrote to memory of 3320	3008	chrome.exe	86
PID 3008 wrote to memory of 3320	3008	chrome.exe	86
PID 3008 wrote to memory of 3320	3008	chrome.exe	86
PID 3008 wrote to memory of 3320	3008	chrome.exe	86
PID 3008 wrote to memory of 3320	3008	chrome.exe	86
PID 3008 wrote to memory of 3320	3008	chrome.exe	86
PID 3008 wrote to memory of 3320	3008	chrome.exe	86
PID 3008 wrote to memory of 3320	3008	chrome.exe	86
PID 3008 wrote to memory of 3320	3008	chrome.exe	86
PID 3008 wrote to memory of 3320	3008	chrome.exe	86
PID 3008 wrote to memory of 3320	3008	chrome.exe	86
PID 3008 wrote to memory of 3320	3008	chrome.exe	86
PID 3008 wrote to memory of 3320	3008	chrome.exe	86
PID 3008 wrote to memory of 3320	3008	chrome.exe	86
PID 3008 wrote to memory of 3548	3008	chrome.exe	87
PID 3008 wrote to memory of 3548	3008	chrome.exe	87
PID 3008 wrote to memory of 640	3008	chrome.exe	88
PID 3008 wrote to memory of 640	3008	chrome.exe	88
PID 3008 wrote to memory of 640	3008	chrome.exe	88
PID 3008 wrote to memory of 640	3008	chrome.exe	88
PID 3008 wrote to memory of 640	3008	chrome.exe	88
PID 3008 wrote to memory of 640	3008	chrome.exe	88
PID 3008 wrote to memory of 640	3008	chrome.exe	88
PID 3008 wrote to memory of 640	3008	chrome.exe	88
PID 3008 wrote to memory of 640	3008	chrome.exe	88
PID 3008 wrote to memory of 640	3008	chrome.exe	88
PID 3008 wrote to memory of 640	3008	chrome.exe	88
PID 3008 wrote to memory of 640	3008	chrome.exe	88
PID 3008 wrote to memory of 640	3008	chrome.exe	88
PID 3008 wrote to memory of 640	3008	chrome.exe	88
PID 3008 wrote to memory of 640	3008	chrome.exe	88
PID 3008 wrote to memory of 640	3008	chrome.exe	88
PID 3008 wrote to memory of 640	3008	chrome.exe	88
PID 3008 wrote to memory of 640	3008	chrome.exe	88
PID 3008 wrote to memory of 640	3008	chrome.exe	88
PID 3008 wrote to memory of 640	3008	chrome.exe	88
PID 3008 wrote to memory of 640	3008	chrome.exe	88
PID 3008 wrote to memory of 640	3008	chrome.exe	88
PID 3008 wrote to memory of 640	3008	chrome.exe	88
PID 3008 wrote to memory of 640	3008	chrome.exe	88
PID 3008 wrote to memory of 640	3008	chrome.exe	88
PID 3008 wrote to memory of 640	3008	chrome.exe	88
PID 3008 wrote to memory of 640	3008	chrome.exe	88
PID 3008 wrote to memory of 640	3008	chrome.exe	88
PID 3008 wrote to memory of 640	3008	chrome.exe	88
PID 3008 wrote to memory of 640	3008	chrome.exe	88

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com/NordVPN-Crack-key
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=133.0.6943.60 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffd35cfdcf8,0x7ffd35cfdd04,0x7ffd35cfdd10
  2⤵
  PID:5240
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=1984,i,7496512662619599070,9375969533788950174,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=1980 /prefetch:2
  2⤵
  PID:3320
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --field-trial-handle=1856,i,7496512662619599070,9375969533788950174,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=2232 /prefetch:3
  2⤵
  PID:3548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --field-trial-handle=2380,i,7496512662619599070,9375969533788950174,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=2376 /prefetch:8
  2⤵
  PID:640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3112,i,7496512662619599070,9375969533788950174,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3188 /prefetch:1
  2⤵
  PID:5444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3104,i,7496512662619599070,9375969533788950174,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3160 /prefetch:1
  2⤵
  PID:3180
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --extension-process --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4268,i,7496512662619599070,9375969533788950174,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4288 /prefetch:2
  2⤵
  PID:5572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5216,i,7496512662619599070,9375969533788950174,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4728 /prefetch:8
  2⤵
  PID:5748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=5596,i,7496512662619599070,9375969533788950174,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5472 /prefetch:1
  2⤵
  PID:5716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=3276,i,7496512662619599070,9375969533788950174,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3220 /prefetch:1
  2⤵
  PID:2608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=5632,i,7496512662619599070,9375969533788950174,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3900 /prefetch:1
  2⤵
  PID:4468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5756,i,7496512662619599070,9375969533788950174,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5788 /prefetch:1
  2⤵
  PID:5412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=5584,i,7496512662619599070,9375969533788950174,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5252 /prefetch:1
  2⤵
  PID:3152
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5464,i,7496512662619599070,9375969533788950174,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3220 /prefetch:1
  2⤵
  PID:5312
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=3272,i,7496512662619599070,9375969533788950174,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=6064 /prefetch:1
  2⤵
  PID:5968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=5808,i,7496512662619599070,9375969533788950174,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=6136 /prefetch:1
  2⤵
  PID:2184
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5960,i,7496512662619599070,9375969533788950174,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5976 /prefetch:8
  2⤵
  PID:2860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5916,i,7496512662619599070,9375969533788950174,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5988 /prefetch:8
  2⤵
  PID:964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5928,i,7496512662619599070,9375969533788950174,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=6124 /prefetch:8
  2⤵
  PID:6116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=4372,i,7496512662619599070,9375969533788950174,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4368 /prefetch:8
  2⤵
  PID:996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=5976,i,7496512662619599070,9375969533788950174,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5472 /prefetch:1
  2⤵
  PID:3680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=6416,i,7496512662619599070,9375969533788950174,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=6396 /prefetch:8
  2⤵
  PID:1640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=1496,i,7496512662619599070,9375969533788950174,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=960 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=on_device_model.mojom.OnDeviceModelService --lang=en-US --service-sandbox-type=on_device_model_execution --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=4648,i,7496512662619599070,9375969533788950174,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5420 /prefetch:8
  2⤵
  PID:3112

C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe"
1⤵
PID:5232

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3176

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x504 0x2f0
1⤵
PID:5612

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4240

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\♦•Rèady•Fîlè•PassW0rd•Is•♦101515•.zip"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
PID:3888

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:6116

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\♦•Rèady•Fîlè•PassW0rd•Is•♦101515•.7z"
1⤵
- Suspicious use of FindShellTrayWindow
PID:2924

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\37fa6a26-24a8-4ad8-9bd5-6792c6d424f2.tmp

Filesize
15KB

MD5
551bc1ff735768232613b8bcc8036d61

SHA1
8fee79fd77e866cce53ca9275d414b8280a7afa2

SHA256
0015f9d485913e5a0216dc05a7688e2ac7765dd2e35d546e3469dcd5444df1f2

SHA512
425040a9c145ea9fb47933bfd12939ef245d6be2f3b0fc3d6ba5ffaa8b008202303e1dd288fdf6029451e623e0d6783a586b7e18f341fbed2c5e6c3ecf82ec4c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
414B

MD5
3e3602badddc04e81e001123579e7385

SHA1
e99b7301fccd5c82f69c66a664bf112d311691a6

SHA256
30c9edfe5e7eef1a03a2a4c9754baae0a85f0b5cd3997baabcd3365dc45dffd3

SHA512
9423269a0bc90be57912ca26cd83663e722f022905a5fcde6950f39682437b5de1ac589a40eec613306a9342aad2f84c2eb98c4259bfed9b6d75e72cd2d09701

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
e29177da4c91d80156b76b52f9bd19bf

SHA1
386c476e33b81a8426a56571c76bec2611f79157

SHA256
8d1f7f08b90b31fe72caa7b4e780ba33b6a9cf32036031786d2ed6b4144d40b7

SHA512
11caddeab4a0a47e7cc1cb564412a9eee42cbf97b3c5e4e29403b34802f72646e4e2f0a1b22a085907f5bcd6e17c3eccd8ee2d60bea467e2b7a61d153ece8a0d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\000\p\Paths\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
7KB

MD5
6fbc3e1010e55a67409bd9cf9d02f44d

SHA1
18b75d7e5b12216d081f3a3a0fa6be6717db0cf4

SHA256
fde7c15874ec41713887423a5a51c9f88d86a2375898d9b646739dc88f376cdb

SHA512
e1cc520ab64d2b2f75ed082e5245914803287998752559383d849deb0016569d0293b597c11e3d9e91735ae60651741fea662de7d372d63eaa5e0b4d755d09a2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
ef3a798d3e9ca25fe13a000204abe338

SHA1
3ed3ee6869c0a2a87f9d8d63ff4476664405c548

SHA256
b8c0bb7d1e223534a731bb13426e3dc75768b49e432c878a80095733bc4a4a67

SHA512
c89fa86e51c48d2f2f155b56fe43b2b67272769497d4488659c8661fc009c052bcae32af83369a209f191245b8b6baac0cd300a8c0ca38a38dea6a341dd211b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
ec8a19ad81dd0d92f3f33c8e96b2873c

SHA1
1d97eb5ea34e0d9e2e03b9992ba78a5c46cd220b

SHA256
c5e8dbaf181bbd7d65b754dcdacc1a52e61bc8088486aaf6a7e44e5c78b707d7

SHA512
af22ef99024cf7f7e433ec90a8e7a593ce9d5e340ab6bdaaf3b841503ff034afcd365a35c32b3b1b00f13b2a441c9a945eff9d654696c9e1bb64ce7a1ec0a96b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
4c3990ed54c3eccdaffbc30d8c64aa45

SHA1
026905fbd8e93996fccc98a97e021c834f6f8e9c

SHA256
1ab6eb0ca2e224b3ed67bba6992da233b5d3d6fbf6ae213909fb5fdeee0f8b85

SHA512
3a36cba87e9352ec4da3b2b18b9761b97d5c0230415126ced2b5a7c3029b8f2ec3a0c93fd2c8774cc4d191a26a2c6f49e38ad65c259e8c4b3d33eae458dcddbf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
8a6ba0e5e7262a306753d01bd71dc920

SHA1
0386e40bb5ba84c4b08579ee702083459ec87c80

SHA256
5967327ee8f6e83d2cb1e403e59327fd78cd67333f334dfea381c48651a64cd9

SHA512
f04d824aba1645136b3d2d2c33508fc87691fd8d6abd025d571fb3583465cb2e8c2cf2509ca2e4e3779e583fdb97a9cbf0518645ac9ad30ca9e00735dc05fabc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
b9869ffe4fd55f18981083f88fd4175d

SHA1
410f4ce0a3c6fc33dcba40136612932fd52403d2

SHA256
01634843088e1524fd8bbba5c3fb337e9921aa953c3c22d0a58fdf213751a209

SHA512
488415b2c29f9fd3984db85a6e634e1a834cd46282e75b564b74e146da6de67d751c639e416ef7e29a0185858bb97472a34cb64c90c61a93924e082f7fb62dc2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
f9389c4faadd98e9f3c18ea72dff280b

SHA1
b48fe8ffa7852b720d6c4d8a6d547926b0beb0f7

SHA256
34c2b138ec9d64b02aefdaad7f2c5320e38611b1c7586b426bb1f87b38f7ae13

SHA512
be28a3d518fff5e9e436ce7c6f556d3933f2a9877e856f2d8c81c06d7a50a45c791a2a54d5f69ded5a757f26a699ce27440a100b7a6eef658ac80c0bc812b10c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
854f74d11d5915992bac70f63f1449c9

SHA1
ffb3f58bcbca6eb0812d8f750b03142f7d43f085

SHA256
5069d9717f02faa912896368e82f03f62863845654126e137449d91aa5fd836f

SHA512
7700b90bd239dbdd1d32382d99c968bbfd9e08b5c5e7f3fc5cd643b81ff6d163f7fd916e560c05a8de0b53c968041bbd6c0a5ec77f4e5933fd85b7f81be34952

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
6e4f44eb3920de61274a77a9c345eec2

SHA1
9a6436ea809e4e86ede9ebb6c3c4b89cb6545484

SHA256
122e54908338b43ac2958365c7f4fd272d054c5985d736f6bf29485eda3e7104

SHA512
dd3d26d8cd5f934a4673d0e0b13b19b9bae04be74a93a6b26824665f1f158ee23d6596fda634c76eda4a4a986e558c4225de3365d1220a8165e29d62b38dc44f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
4a76a9fb20ab1852bd10d170d4fc6f9f

SHA1
e4b48b8045e70b9b03a5a047832afe895622a6e9

SHA256
fcae784d53fba912fae4586984bb6c2abb776fc521c953d1bf31c047f2aa2d7d

SHA512
ebfb228a7a80ce045a402fe3fb742ffeccd43482ce797a552c67c783a79d1a208c761ff3b59094e1bc6f391d7f1a2e805e6272084a69a3705b88312edd100a41

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5790a7.TMP

Filesize
48B

MD5
006e5694192eab0d504fb932e71ed628

SHA1
f7adc56f379fcee06838abdd8fb08188f7b32736

SHA256
64d14a0b596704b26a97e7e712cd469df4459d41ccdc6fdc3ff6ab58d9326693

SHA512
50707b88aaafeb208a346787bf5478097951906d9796c5a374058c616715092ccdb6616b549a0e3aff9798099847b35a8657738f79277c7df88abd0d2f0db56e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
81KB

MD5
9afdf4d813ff6ff158e9f3af8fa422d8

SHA1
af6a00a4f577c700f969484b09bec939167ca784

SHA256
26cdd5bc9e69b52f48308d10fa8d380101da8f7ced9c8afa56b1e1fac3749c96

SHA512
4a964c16093e6b9a3c0bae4fde758effcc561d1d2eb0976da6dcc6c961dfa2151bb2b0bfcc47bd80fe8472b669eddaa77eccd79c1dcffb8c1d5edd502de17bca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
81KB

MD5
126d57ed24307e2a26bf9700386c12d7

SHA1
68269f02611f60ac2aedd41502dfa04bfdf57670

SHA256
f7d35e7d57949160d6a17cb981c3514fb57af8195bf464358f3ccb80cbe85d94

SHA512
7e5743be5be482c58bae1658c16f69283627d1339e0df37e23e3754658c177390383cf91eb7c43f35f69c73a02691f2cd792bc3ff6043349796583cbb51e464f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
80KB

MD5
031ba527880635fe549d9998f6ed3c73

SHA1
2d85160f4303a0bb88b532d80382aaa71a8ed0cc

SHA256
d0a16086efb963995e2f1f18a3fd3438d6f606ddad1dfb5860e17ffd791e4260

SHA512
fa0b48cda5e9b6dcfa227fa693c24fa2033e94ed12e3c4bf756c96c86192044a4e8ddd2735491dca191920274f50e3820ca223ec7189fa661f48c7afb66ac66d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
81KB

MD5
e579271c7c1092c654a02b3c57a74323

SHA1
a051881bb0010ed621fc6281e555cf42c4913713

SHA256
ac323892ab0a0196251ad36294b17db4ca59bee3ba71589a1e5b857e0045e504

SHA512
f5f55c2711c7f3221ee1827797b9f6df0a059f22600a32f9cbf87039d002505990d8e23432b44012da9da793626366380c32e19b9d8389197dca5a88750b7927

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\Downloads\♦•Rèady•Fîlè•PassW0rd•Is•♦101515•.7z

Filesize
8.0MB

MD5
753a97b227c8b79933b6cc8a0fd33e44

SHA1
54c63f334264edd6fc68bb861c196ad47952d58d

SHA256
3aefc1a92cf07f3ed307ebe21ff45ff2a4833c636b7bb62e45ff016f29d0960c

SHA512
a11167e136b08007b5647b5ee9467ea673e40d281cc71c83229e838068c193a26d3b940839b9d5f29d66353705144e9e5791d1d73b65dc412057f8a35e092972

Download Submit
C:\Users\Admin\Downloads\♦•Rèady•Fîlè•PassW0rd•Is•♦101515•.zip

Filesize
8.0MB

MD5
f2dd33de24f4e98dda3bb3da6991199a

SHA1
de79c4d92d9b54b5fc8bb3e32235844412a9a237

SHA256
7e3b5496e7e4feb113d2e4979492a1f5899891f786a0cd4e04ecac6fcc5347cd

SHA512
228e8ba236d4e49828ffaa7b93d79d35239bb483ebbc325275aa33ffc998fca53e12924641f3c616c61ed98edb4543750cc2e90921bc19b8b2460862fe9c5b2f

Download Submit