b9c5066cd8282589f83f322db934cfe034c51357f32ed73a24b46f94696ec06c

Analysis

max time kernel
189s
max time network
190s
platform
windows10-2004_x64
resource
win10v2004-20250410-en
resource tags

arch:x64arch:x86image:win10v2004-20250410-enlocale:en-usos:windows10-2004-x64system
submitted
14/04/2025, 18:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

isaac-ng.exe
Size

8.3MB
MD5

0befc0730d9fe25f64613131138f4951
SHA1

7384f5f2d36c43bc5d003f8ed9d56b905135bf24
SHA256

b9c5066cd8282589f83f322db934cfe034c51357f32ed73a24b46f94696ec06c
SHA512

8d179fdbf5094885fc02c1760e64a6ee322993786ba70c4b57c9304fe7656fe8e71644a4d083a246e4dd70e2170ac8bbcc1a104ea195edf0b42e3e7ec4fee465
SSDEEP

98304:yFiuWICi9dBkaDFMjir7tMwXL/6uOdrMNvnVa225BWUgBxgvhiWaOuBuZsIP8d+d:Rt9wr7+aL/6uOdrvD9sIP8dKxCqv

Score

8^/10

steam discovery phishing

Malware Config

Signatures

Downloads MZ/PE file 1 IoCs

flow	pid	Process
126	4824	chrome.exe

Detected potential entity reuse from brand STEAM. 1 IoCs

phishing steam

flow	pid	Process
96	4824	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	isaac-ng.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	chrome.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133891306955766871"	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
5892	chrome.exe
5892	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3044	chrome.exe
Token: SeCreatePagefilePrivilege	3044	chrome.exe
Token: SeShutdownPrivilege	3044	chrome.exe
Token: SeCreatePagefilePrivilege	3044	chrome.exe
Token: SeShutdownPrivilege	3044	chrome.exe
Token: SeCreatePagefilePrivilege	3044	chrome.exe
Token: SeShutdownPrivilege	3044	chrome.exe
Token: SeCreatePagefilePrivilege	3044	chrome.exe
Token: SeShutdownPrivilege	3044	chrome.exe
Token: SeCreatePagefilePrivilege	3044	chrome.exe
Token: SeShutdownPrivilege	3044	chrome.exe
Token: SeCreatePagefilePrivilege	3044	chrome.exe
Token: SeShutdownPrivilege	3044	chrome.exe
Token: SeCreatePagefilePrivilege	3044	chrome.exe
Token: SeShutdownPrivilege	3044	chrome.exe
Token: SeCreatePagefilePrivilege	3044	chrome.exe
Token: SeShutdownPrivilege	3044	chrome.exe
Token: SeCreatePagefilePrivilege	3044	chrome.exe
Token: SeShutdownPrivilege	3044	chrome.exe
Token: SeCreatePagefilePrivilege	3044	chrome.exe
Token: SeShutdownPrivilege	3044	chrome.exe
Token: SeCreatePagefilePrivilege	3044	chrome.exe
Token: SeShutdownPrivilege	3044	chrome.exe
Token: SeCreatePagefilePrivilege	3044	chrome.exe
Token: SeShutdownPrivilege	3044	chrome.exe
Token: SeCreatePagefilePrivilege	3044	chrome.exe
Token: SeShutdownPrivilege	3044	chrome.exe
Token: SeCreatePagefilePrivilege	3044	chrome.exe
Token: SeShutdownPrivilege	3044	chrome.exe
Token: SeCreatePagefilePrivilege	3044	chrome.exe
Token: SeShutdownPrivilege	3044	chrome.exe
Token: SeCreatePagefilePrivilege	3044	chrome.exe
Token: SeShutdownPrivilege	3044	chrome.exe
Token: SeCreatePagefilePrivilege	3044	chrome.exe
Token: SeShutdownPrivilege	3044	chrome.exe
Token: SeCreatePagefilePrivilege	3044	chrome.exe
Token: SeShutdownPrivilege	3044	chrome.exe
Token: SeCreatePagefilePrivilege	3044	chrome.exe
Token: SeShutdownPrivilege	3044	chrome.exe
Token: SeCreatePagefilePrivilege	3044	chrome.exe
Token: SeShutdownPrivilege	3044	chrome.exe
Token: SeCreatePagefilePrivilege	3044	chrome.exe
Token: SeShutdownPrivilege	3044	chrome.exe
Token: SeCreatePagefilePrivilege	3044	chrome.exe
Token: SeShutdownPrivilege	3044	chrome.exe
Token: SeCreatePagefilePrivilege	3044	chrome.exe
Token: SeShutdownPrivilege	3044	chrome.exe
Token: SeCreatePagefilePrivilege	3044	chrome.exe
Token: SeShutdownPrivilege	3044	chrome.exe
Token: SeCreatePagefilePrivilege	3044	chrome.exe
Token: SeShutdownPrivilege	3044	chrome.exe
Token: SeCreatePagefilePrivilege	3044	chrome.exe
Token: SeShutdownPrivilege	3044	chrome.exe
Token: SeCreatePagefilePrivilege	3044	chrome.exe
Token: SeShutdownPrivilege	3044	chrome.exe
Token: SeCreatePagefilePrivilege	3044	chrome.exe
Token: SeShutdownPrivilege	3044	chrome.exe
Token: SeCreatePagefilePrivilege	3044	chrome.exe
Token: SeShutdownPrivilege	3044	chrome.exe
Token: SeCreatePagefilePrivilege	3044	chrome.exe
Token: SeShutdownPrivilege	3044	chrome.exe
Token: SeCreatePagefilePrivilege	3044	chrome.exe
Token: SeShutdownPrivilege	3044	chrome.exe
Token: SeCreatePagefilePrivilege	3044	chrome.exe

Suspicious use of FindShellTrayWindow 32 IoCs

pid	Process
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3044 wrote to memory of 5504	3044	chrome.exe	94
PID 3044 wrote to memory of 5504	3044	chrome.exe	94
PID 3044 wrote to memory of 4560	3044	chrome.exe	97
PID 3044 wrote to memory of 4560	3044	chrome.exe	97
PID 3044 wrote to memory of 4824	3044	chrome.exe	96
PID 3044 wrote to memory of 4824	3044	chrome.exe	96
PID 3044 wrote to memory of 4560	3044	chrome.exe	97
PID 3044 wrote to memory of 4560	3044	chrome.exe	97
PID 3044 wrote to memory of 4560	3044	chrome.exe	97
PID 3044 wrote to memory of 4560	3044	chrome.exe	97
PID 3044 wrote to memory of 4560	3044	chrome.exe	97
PID 3044 wrote to memory of 4560	3044	chrome.exe	97
PID 3044 wrote to memory of 4560	3044	chrome.exe	97
PID 3044 wrote to memory of 4560	3044	chrome.exe	97
PID 3044 wrote to memory of 4560	3044	chrome.exe	97
PID 3044 wrote to memory of 4560	3044	chrome.exe	97
PID 3044 wrote to memory of 4560	3044	chrome.exe	97
PID 3044 wrote to memory of 4560	3044	chrome.exe	97
PID 3044 wrote to memory of 4560	3044	chrome.exe	97
PID 3044 wrote to memory of 4560	3044	chrome.exe	97
PID 3044 wrote to memory of 4560	3044	chrome.exe	97
PID 3044 wrote to memory of 4560	3044	chrome.exe	97
PID 3044 wrote to memory of 4560	3044	chrome.exe	97
PID 3044 wrote to memory of 4560	3044	chrome.exe	97
PID 3044 wrote to memory of 4560	3044	chrome.exe	97
PID 3044 wrote to memory of 4560	3044	chrome.exe	97
PID 3044 wrote to memory of 4560	3044	chrome.exe	97
PID 3044 wrote to memory of 4560	3044	chrome.exe	97
PID 3044 wrote to memory of 4560	3044	chrome.exe	97
PID 3044 wrote to memory of 4560	3044	chrome.exe	97
PID 3044 wrote to memory of 4560	3044	chrome.exe	97
PID 3044 wrote to memory of 4560	3044	chrome.exe	97
PID 3044 wrote to memory of 4560	3044	chrome.exe	97
PID 3044 wrote to memory of 4560	3044	chrome.exe	97
PID 3044 wrote to memory of 3488	3044	chrome.exe	98
PID 3044 wrote to memory of 3488	3044	chrome.exe	98
PID 3044 wrote to memory of 3488	3044	chrome.exe	98
PID 3044 wrote to memory of 3488	3044	chrome.exe	98
PID 3044 wrote to memory of 3488	3044	chrome.exe	98
PID 3044 wrote to memory of 3488	3044	chrome.exe	98
PID 3044 wrote to memory of 3488	3044	chrome.exe	98
PID 3044 wrote to memory of 3488	3044	chrome.exe	98
PID 3044 wrote to memory of 3488	3044	chrome.exe	98
PID 3044 wrote to memory of 3488	3044	chrome.exe	98
PID 3044 wrote to memory of 3488	3044	chrome.exe	98
PID 3044 wrote to memory of 3488	3044	chrome.exe	98
PID 3044 wrote to memory of 3488	3044	chrome.exe	98
PID 3044 wrote to memory of 3488	3044	chrome.exe	98
PID 3044 wrote to memory of 3488	3044	chrome.exe	98
PID 3044 wrote to memory of 3488	3044	chrome.exe	98
PID 3044 wrote to memory of 3488	3044	chrome.exe	98
PID 3044 wrote to memory of 3488	3044	chrome.exe	98
PID 3044 wrote to memory of 3488	3044	chrome.exe	98
PID 3044 wrote to memory of 3488	3044	chrome.exe	98
PID 3044 wrote to memory of 3488	3044	chrome.exe	98
PID 3044 wrote to memory of 3488	3044	chrome.exe	98
PID 3044 wrote to memory of 3488	3044	chrome.exe	98
PID 3044 wrote to memory of 3488	3044	chrome.exe	98
PID 3044 wrote to memory of 3488	3044	chrome.exe	98
PID 3044 wrote to memory of 3488	3044	chrome.exe	98
PID 3044 wrote to memory of 3488	3044	chrome.exe	98
PID 3044 wrote to memory of 3488	3044	chrome.exe	98
PID 3044 wrote to memory of 3488	3044	chrome.exe	98
PID 3044 wrote to memory of 3488	3044	chrome.exe	98

C:\Users\Admin\AppData\Local\Temp\isaac-ng.exe
"C:\Users\Admin\AppData\Local\Temp\isaac-ng.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:6040

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=133.0.6943.60 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffe03a2dcf8,0x7ffe03a2dd04,0x7ffe03a2dd10
  2⤵
  PID:5504
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --field-trial-handle=1588,i,11398349899889709166,17832533379657062862,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=2076 /prefetch:3
  2⤵
  - Downloads MZ/PE file
  - Detected potential entity reuse from brand STEAM.
  PID:4824
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=1796,i,11398349899889709166,17832533379657062862,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=1792 /prefetch:2
  2⤵
  PID:4560
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --field-trial-handle=2372,i,11398349899889709166,17832533379657062862,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=2388 /prefetch:8
  2⤵
  PID:3488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3168,i,11398349899889709166,17832533379657062862,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=3188 /prefetch:1
  2⤵
  PID:4820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=1592,i,11398349899889709166,17832533379657062862,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=3224 /prefetch:1
  2⤵
  PID:4808
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --extension-process --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4444,i,11398349899889709166,17832533379657062862,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=4468 /prefetch:2
  2⤵
  PID:4900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4760,i,11398349899889709166,17832533379657062862,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=4720 /prefetch:1
  2⤵
  PID:1656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5400,i,11398349899889709166,17832533379657062862,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=5412 /prefetch:8
  2⤵
  PID:1776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5572,i,11398349899889709166,17832533379657062862,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=5580 /prefetch:8
  2⤵
  PID:232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=240,i,11398349899889709166,17832533379657062862,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=5672 /prefetch:8
  2⤵
  PID:3936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5812,i,11398349899889709166,17832533379657062862,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=5500 /prefetch:8
  2⤵
  PID:5684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5584,i,11398349899889709166,17832533379657062862,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=5916 /prefetch:8
  2⤵
  PID:5660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=4584,i,11398349899889709166,17832533379657062862,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=4456 /prefetch:1
  2⤵
  PID:3912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=3296,i,11398349899889709166,17832533379657062862,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=3236 /prefetch:1
  2⤵
  PID:2920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=3184,i,11398349899889709166,17832533379657062862,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=3644 /prefetch:1
  2⤵
  PID:1976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=3304,i,11398349899889709166,17832533379657062862,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=4564 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=4884,i,11398349899889709166,17832533379657062862,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=3344 /prefetch:1
  2⤵
  PID:4652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=3052,i,11398349899889709166,17832533379657062862,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=3240 /prefetch:1
  2⤵
  PID:5360

C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe"
1⤵
PID:4620

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:1728

Network

MITRE ATT&CK Enterprise v16

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
414B

MD5
53112a74d88e4e144a010f2c50160a92

SHA1
9d76b4551f6b8af819b9b9818c8f5bf3b199e2a1

SHA256
906dcafbef3c5960dd1f7ca700d7d9ba167923622d6e7aa4961d86d8eb93ea18

SHA512
22031e17b97127ffe5301336459115b799c5afe9c0600bab3b1a0d546a317dd0d3a36432641353198e9bf1a45c7dad5bc23fd934245e19f9493dbf6c666af5e3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
216KB

MD5
50a7159ff34dea151d624f07e6cb1664

SHA1
e13fe30db96dcee328efda5cc78757b6e5b9339c

SHA256
e990d9d31c4c7d57dd4795e43baea05501fb6ea8b7760f89001be660425dd01b

SHA512
a7768dd7e315b07754a305080e0fc023765e5a224b2c3824e8e10f29286df63bbdefef379e069941fd8cd9c7c3befce976779ae2efdfb6e7da697b09d7f07250

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
c6c9260d2a418a8bdd84be83e99b33c0

SHA1
fc8e010ace6133afeb7beec98db0d32e194f4007

SHA256
36c33104d67aca2b12163f0c73cfd440f3f02bcb4be1aebb48574135d131c205

SHA512
ac85b20e8dcfd32cc165a6ce2567ce9f74208ba3afaf28db878b2917bcb1ebef8dd901d0982105ac6ee25fc0a6619df133486cdb978e85671f64819b2cfd4263

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
14ed09edeb9693492dce1e46da223b99

SHA1
06a9669cd4518d4cb8dfadc5c097ba7b0bbdd61f

SHA256
2a8a4fa4ab90c664449178dad307417dab2500d18cbfff5f584a11d189cf215a

SHA512
d9494841aba4f419332d02d59c54fadea40038ce359c5a6ddbdf2ceb753d0927946f0f9a3105c9060db586fa908570b328de92f4c09ed00957f74e63739c0a66

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
48b568e4db5803805074473c6503dc33

SHA1
163c98e6892f48b4082634baf326589bd2f828de

SHA256
6e5b5f381a954b38f69946c426404b092aaec377a60589fb33da530d14d607bd

SHA512
8d017a076f7f1db14c8ba2bb8131bb6206803a9cb150ff7f84f30121ba785ada4296b080eb8eb5a53f08205ce2a44d34d7a91d718f4142040590fb6d822cfbd1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
3110c39c17ef1718050165e7b7549252

SHA1
be0aa839f62faa88ee3beb9b4dec3e802e3f9e84

SHA256
47c31dc09e74b5d8dd185f76ec8457104be10f735f689947066b3e513826d5b9

SHA512
5cf655bcc64d1fd5ac0abd6a70e6d6eb46f7d717e757c2b6209ccd535cbc93f6924a9713d248b427a224ab6b0cc7c11e0eff7db3294aa4c2ab102f4ae73b2c31

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
9a6c0aa8c76ec0876be7a9de34dc2378

SHA1
3cf8ec7c133f5a868d40187f527bbd1e54e2ca69

SHA256
dcd706636b6bad7e8666d6f923d1fff6f181703b605397c947c2d9a851fe8e1a

SHA512
f53de0239d5b94006b47b2cddcb0a08c8a27adc0a64ffac3075875ef31834af61e5848af6ada469237e9ea43e6168d8237f6f4779deec421e975db753d2cef42

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
c3373a82328c17b4e2caacb18b43290a

SHA1
e25b31b4438e85c2f5244c15d7358351a0c029cc

SHA256
01ba0c30047f7a5659a4c4564d84b6774d51899393c5ca64ac088db2f4c7adeb

SHA512
d5e3f35d4329bec1f5e5a2d14dd6e84f2116c45b36122dbedd0c67d7669f4099c4274bd9083a69471445d25066e33067707855b7289478fa1606823b1f8d0650

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
da3a93d0b9cb06abce6538df6f833b3b

SHA1
6503f25a65c70128cc12181f7a3e961846aecb99

SHA256
348a4c45688418c4f6af26b800a401478084ed9473c95ad2f02402dca25ff47d

SHA512
d4c1fd3c371c03197a41f20618e6f20b532de2ae1bf23c36e3e76a60210d9d9c667e62f76eaea2983265638a7bf9aad38ed0e4a238585eb75807703cc52454d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
a4c09053c3dd6495dffc82c06271da61

SHA1
4325265259e724893a0f96e77c1cb76bdadadaec

SHA256
21a7aebdeb9c46f1d59e9f2ef3d17709bd06dbe6515eab1215df6c035b740570

SHA512
ae45d9ae4d83a2be3124c2c92815e7dca639497998654da9d1eab442a8e55e44311625b99e8ed135623b0e6282c690a0675c32a4392adccdba2458031b0601a3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
c956eab4de83b2c6991c0f1dc7b19ba7

SHA1
51f825a67aeba05dc89cfdf6b29f0764f360ecdb

SHA256
c855c92a0bb34a65a259bc3cddc74422bfd0b322a186d51fce4296fe06630edb

SHA512
47cedf5e1a1075bba5a338d3ac3cbf55b13578e517e053e0877570ee9699abe3101a80f555dbf3c9498b7d50518ad693b8f59280e020f61ee4f8d5d95b90ea92

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
9904f588dc73bab1609938ddc1f1388a

SHA1
736ccc247b406ef3bb144b854fc8389ce789e100

SHA256
2ac261e7aceb19792981b2f649cf25d96a3e836a7dc89cdd6010867d9380738d

SHA512
ccc2c21ea98d86f3fd89add9c6984cc274beace55bedd763ff0530db00a89aad103945e064400900c7cebb958793ddbe6f8e90d454183e24fb66b805dc351256

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
03e76cba141c500e428eb52046f47978

SHA1
95574e38fa9b1aa612ebd95a31c2a1f0f6aef8ee

SHA256
b791eeabb92bd7ded5cf11880b948d9c8a85873092fa2d5ce8f760ac103c7101

SHA512
a71ec7150ed6ff57691be84ccfa3dcb49404f4ee4f4b627b826280cd1114d45731b5bddb4f0c705c5e8f942d0c054af2458abc5b74255588b1db014a44a0f4f7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
5a9d30ae375a1a63eea2e9a618db74cc

SHA1
a74d3723f378a05edefafec690ae98cc4bc0e65e

SHA256
7e3c74ac3b65f384088c6c8592007aab004f879a7a4960dc2cae1d96f5a4f806

SHA512
f48c84e6bd4f25b747e672c66c6c804d3beaaf6100c18bea13831ab31185350ded92ec7e28d251ea2dc617b62b059e270a88b942fc506ee4b7c34ef3235ce5e0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
3e65efc8dfc9403cf85bbd1aaad80158

SHA1
a45c395507b570ebb98fc9f5c27e29c39b622cc2

SHA256
02b17c6a13d84c436fecdf5be6d95bb2afa51bc0282c4704bee026a55f41dba0

SHA512
45ad2fd0be7cbacf50a1b53e2d5570ebf54d1737a1ca15cabe7a022407fc66ff25290d1bf608cc9401ca721b65a81ba4b0dc0243544653e7f082d7332e289afa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
4794a00bf68d7e9ab2b044f47f95389a

SHA1
6b9283dc8589f21299cd8fa3f444f37971048d6b

SHA256
3f60be39d4f2ab284c6b38c714126d7d5a8920f70841918e278ebf2bef7e375b

SHA512
df8e175b261e645f055c62514c54690da1157375437a340598f7dc0ddecb826e5581ed8333ac93f0a70680cb5e3f91580b3ef91df1c1e93baaa34a7b6ed589b0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe58003a.TMP

Filesize
48B

MD5
ecee8485fc0d13ef225c073ad6923fd6

SHA1
f0f9cef5e08ee96da7ea93c6be2e429bd7a694d8

SHA256
05fe2305ba3e4ebf16bfd79e72098815ab879b58f142201853a474f173874089

SHA512
5c04c95a5fcc4ef057948d9708963aaea501f6e0ff8273e8f2e544fe2ee55f3cb7e0c3ed6287833c1452f144a81ec21ec1f20ace7c874a4d6b2819f24528f723

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
153KB

MD5
356009d3ba43687525eac3eeba06d9d8

SHA1
bef58f03f26e8a56d9f9ceb69395c8e2db292688

SHA256
dad12d9b8ee632575ad3c42dd39858b2578047cdaae4835f2e0d2e5ba84afb4a

SHA512
4f2c249c2de1c94140c4f56558ba9a74c38a6b2f9b69a038eb78fd5e8cb8a0efb06a296f0e05fb8daf7f1547b04dd7e6b985a5ed2cc79a145ab2ab7cc872130a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
78KB

MD5
d92e373ddcc660078a38f392619f52b9

SHA1
8699ead805680b14c46ed312776bd6a64551b21f

SHA256
fc1c68ca392168af24ab427b6d5c74caeaed3caa5d20bec81179abb1be8c5b33

SHA512
0e266d5ca1e218cfdb1069df25b2438222d1bfd692286c7c8b18dc65e144f24a14e9ad8577f3bdf1ace7ffc22881da7b7773157267e614eb386dd70bb7a1355c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
153KB

MD5
50e6989223bd6365cf32f40a239d5443

SHA1
49a2db6d233d6e73e4f3612b2ab94233bdeeeddb

SHA256
8f355c3a0a7b3a5e06b76e339c32f95b1fc9f2edf39e51a2fcd37bd3ab89f71c

SHA512
37945d3d357a02522aadc6e33fc628a5e46c2295d4aef64b15bef1fad9c902505b2771ec464634e2e2ebc8e09f5b14cef988895d8d2c46ff1dafe8798dd79c3a

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 326836.crdownload

Filesize
2.3MB

MD5
1b54b70beef8eb240db31718e8f7eb5d

SHA1
da5995070737ec655824c92622333c489eb6bce4

SHA256
7d3654531c32d941b8cae81c4137fc542172bfa9635f169cb392f245a0a12bcb

SHA512
fda935694d0652dab3f1017faaf95781a300b420739e0f9d46b53ce07d592a4cfa536524989e2fc9f83602d315259817638a89c4e27da709aada5d1360b717eb

Download Submit