hxxps://stor-steampowered[.]com/gift-card/4373411658571

Analysis

max time kernel
149s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
27-01-2025 01:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://stor-steampowered.com/gift-card/4373411658571

Score

8^/10

steam discovery phishing

Malware Config

Signatures

Downloads MZ/PE file 1 IoCs

flow	pid	Process
98	1828	chrome.exe

Detected potential entity reuse from brand STEAM. 2 IoCs

phishing steam

flow	pid	Process
19	1828	chrome.exe
74	1828	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133824134602932877"	chrome.exe

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:FMTID = "{B725F130-47EF-101A-A5F1-02608C9EEBAC}"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\LogicalViewMode = "3"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByDirection = "4294967295"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\Mode = "1"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\IconSize = "16"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByDirection = "4294967295"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Mode = "4"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\FFlags = "1092616193"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByDirection = "1"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 010000000200000000000000ffffffff	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupView = "0"	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\SniffedFolderType = "Downloads"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0100000000000000ffffffff	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 020000000100000000000000ffffffff	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\IconSize = "16"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Mode = "4"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	chrome.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\FFlags = "1"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Version = "1"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\LogicalViewMode = "1"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1092616193"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\NodeSlot = "3"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\MRUListEx = ffffffff	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\IconSize = "48"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1092616193"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupView = "4294967295"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2 = 3a001f44471a0359723fa74489c55595fe6b30ee260001002600efbe10000000fa6392e59718db01a5f13a579e18db01e70e147b5770db0114000000	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupView = "4294967295"	chrome.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\SniffedFolderType = "Downloads"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:PID = "14"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:PID = "14"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a000000a000000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
4292	chrome.exe
4292	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
3480	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 17 IoCs

pid	Process
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4292	chrome.exe
Token: SeCreatePagefilePrivilege	4292	chrome.exe
Token: SeShutdownPrivilege	4292	chrome.exe
Token: SeCreatePagefilePrivilege	4292	chrome.exe
Token: SeShutdownPrivilege	4292	chrome.exe
Token: SeCreatePagefilePrivilege	4292	chrome.exe
Token: SeShutdownPrivilege	4292	chrome.exe
Token: SeCreatePagefilePrivilege	4292	chrome.exe
Token: SeShutdownPrivilege	4292	chrome.exe
Token: SeCreatePagefilePrivilege	4292	chrome.exe
Token: SeShutdownPrivilege	4292	chrome.exe
Token: SeCreatePagefilePrivilege	4292	chrome.exe
Token: SeShutdownPrivilege	4292	chrome.exe
Token: SeCreatePagefilePrivilege	4292	chrome.exe
Token: SeShutdownPrivilege	4292	chrome.exe
Token: SeCreatePagefilePrivilege	4292	chrome.exe
Token: SeShutdownPrivilege	4292	chrome.exe
Token: SeCreatePagefilePrivilege	4292	chrome.exe
Token: SeShutdownPrivilege	4292	chrome.exe
Token: SeCreatePagefilePrivilege	4292	chrome.exe
Token: SeShutdownPrivilege	4292	chrome.exe
Token: SeCreatePagefilePrivilege	4292	chrome.exe
Token: SeShutdownPrivilege	4292	chrome.exe
Token: SeCreatePagefilePrivilege	4292	chrome.exe
Token: SeShutdownPrivilege	4292	chrome.exe
Token: SeCreatePagefilePrivilege	4292	chrome.exe
Token: SeShutdownPrivilege	4292	chrome.exe
Token: SeCreatePagefilePrivilege	4292	chrome.exe
Token: SeShutdownPrivilege	4292	chrome.exe
Token: SeCreatePagefilePrivilege	4292	chrome.exe
Token: SeShutdownPrivilege	4292	chrome.exe
Token: SeCreatePagefilePrivilege	4292	chrome.exe
Token: SeShutdownPrivilege	4292	chrome.exe
Token: SeCreatePagefilePrivilege	4292	chrome.exe
Token: SeShutdownPrivilege	4292	chrome.exe
Token: SeCreatePagefilePrivilege	4292	chrome.exe
Token: SeShutdownPrivilege	4292	chrome.exe
Token: SeCreatePagefilePrivilege	4292	chrome.exe
Token: SeShutdownPrivilege	4292	chrome.exe
Token: SeCreatePagefilePrivilege	4292	chrome.exe
Token: SeShutdownPrivilege	4292	chrome.exe
Token: SeCreatePagefilePrivilege	4292	chrome.exe
Token: SeShutdownPrivilege	4292	chrome.exe
Token: SeCreatePagefilePrivilege	4292	chrome.exe
Token: SeShutdownPrivilege	4292	chrome.exe
Token: SeCreatePagefilePrivilege	4292	chrome.exe
Token: SeShutdownPrivilege	4292	chrome.exe
Token: SeCreatePagefilePrivilege	4292	chrome.exe
Token: SeShutdownPrivilege	4292	chrome.exe
Token: SeCreatePagefilePrivilege	4292	chrome.exe
Token: SeShutdownPrivilege	4292	chrome.exe
Token: SeCreatePagefilePrivilege	4292	chrome.exe
Token: SeShutdownPrivilege	4292	chrome.exe
Token: SeCreatePagefilePrivilege	4292	chrome.exe
Token: SeShutdownPrivilege	4292	chrome.exe
Token: SeCreatePagefilePrivilege	4292	chrome.exe
Token: SeShutdownPrivilege	4292	chrome.exe
Token: SeCreatePagefilePrivilege	4292	chrome.exe
Token: SeShutdownPrivilege	4292	chrome.exe
Token: SeCreatePagefilePrivilege	4292	chrome.exe
Token: SeShutdownPrivilege	4292	chrome.exe
Token: SeCreatePagefilePrivilege	4292	chrome.exe
Token: SeShutdownPrivilege	4292	chrome.exe
Token: SeCreatePagefilePrivilege	4292	chrome.exe

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
3480	chrome.exe
2292	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4292 wrote to memory of 2316	4292	chrome.exe	84
PID 4292 wrote to memory of 2316	4292	chrome.exe	84
PID 4292 wrote to memory of 2588	4292	chrome.exe	85
PID 4292 wrote to memory of 2588	4292	chrome.exe	85
PID 4292 wrote to memory of 2588	4292	chrome.exe	85
PID 4292 wrote to memory of 2588	4292	chrome.exe	85
PID 4292 wrote to memory of 2588	4292	chrome.exe	85
PID 4292 wrote to memory of 2588	4292	chrome.exe	85
PID 4292 wrote to memory of 2588	4292	chrome.exe	85
PID 4292 wrote to memory of 2588	4292	chrome.exe	85
PID 4292 wrote to memory of 2588	4292	chrome.exe	85
PID 4292 wrote to memory of 2588	4292	chrome.exe	85
PID 4292 wrote to memory of 2588	4292	chrome.exe	85
PID 4292 wrote to memory of 2588	4292	chrome.exe	85
PID 4292 wrote to memory of 2588	4292	chrome.exe	85
PID 4292 wrote to memory of 2588	4292	chrome.exe	85
PID 4292 wrote to memory of 2588	4292	chrome.exe	85
PID 4292 wrote to memory of 2588	4292	chrome.exe	85
PID 4292 wrote to memory of 2588	4292	chrome.exe	85
PID 4292 wrote to memory of 2588	4292	chrome.exe	85
PID 4292 wrote to memory of 2588	4292	chrome.exe	85
PID 4292 wrote to memory of 2588	4292	chrome.exe	85
PID 4292 wrote to memory of 2588	4292	chrome.exe	85
PID 4292 wrote to memory of 2588	4292	chrome.exe	85
PID 4292 wrote to memory of 2588	4292	chrome.exe	85
PID 4292 wrote to memory of 2588	4292	chrome.exe	85
PID 4292 wrote to memory of 2588	4292	chrome.exe	85
PID 4292 wrote to memory of 2588	4292	chrome.exe	85
PID 4292 wrote to memory of 2588	4292	chrome.exe	85
PID 4292 wrote to memory of 2588	4292	chrome.exe	85
PID 4292 wrote to memory of 2588	4292	chrome.exe	85
PID 4292 wrote to memory of 2588	4292	chrome.exe	85
PID 4292 wrote to memory of 1828	4292	chrome.exe	86
PID 4292 wrote to memory of 1828	4292	chrome.exe	86
PID 4292 wrote to memory of 3992	4292	chrome.exe	87
PID 4292 wrote to memory of 3992	4292	chrome.exe	87
PID 4292 wrote to memory of 3992	4292	chrome.exe	87
PID 4292 wrote to memory of 3992	4292	chrome.exe	87
PID 4292 wrote to memory of 3992	4292	chrome.exe	87
PID 4292 wrote to memory of 3992	4292	chrome.exe	87
PID 4292 wrote to memory of 3992	4292	chrome.exe	87
PID 4292 wrote to memory of 3992	4292	chrome.exe	87
PID 4292 wrote to memory of 3992	4292	chrome.exe	87
PID 4292 wrote to memory of 3992	4292	chrome.exe	87
PID 4292 wrote to memory of 3992	4292	chrome.exe	87
PID 4292 wrote to memory of 3992	4292	chrome.exe	87
PID 4292 wrote to memory of 3992	4292	chrome.exe	87
PID 4292 wrote to memory of 3992	4292	chrome.exe	87
PID 4292 wrote to memory of 3992	4292	chrome.exe	87
PID 4292 wrote to memory of 3992	4292	chrome.exe	87
PID 4292 wrote to memory of 3992	4292	chrome.exe	87
PID 4292 wrote to memory of 3992	4292	chrome.exe	87
PID 4292 wrote to memory of 3992	4292	chrome.exe	87
PID 4292 wrote to memory of 3992	4292	chrome.exe	87
PID 4292 wrote to memory of 3992	4292	chrome.exe	87
PID 4292 wrote to memory of 3992	4292	chrome.exe	87
PID 4292 wrote to memory of 3992	4292	chrome.exe	87
PID 4292 wrote to memory of 3992	4292	chrome.exe	87
PID 4292 wrote to memory of 3992	4292	chrome.exe	87
PID 4292 wrote to memory of 3992	4292	chrome.exe	87
PID 4292 wrote to memory of 3992	4292	chrome.exe	87
PID 4292 wrote to memory of 3992	4292	chrome.exe	87
PID 4292 wrote to memory of 3992	4292	chrome.exe	87
PID 4292 wrote to memory of 3992	4292	chrome.exe	87

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://stor-steampowered.com/gift-card/4373411658571
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4292
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffcfc85cc40,0x7ffcfc85cc4c,0x7ffcfc85cc58
  2⤵
  PID:2316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1872,i,10454892352985193362,11195027644356800529,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1868 /prefetch:2
  2⤵
  PID:2588
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2136,i,10454892352985193362,11195027644356800529,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2144 /prefetch:3
  2⤵
  - Downloads MZ/PE file
  - Detected potential entity reuse from brand STEAM.
  PID:1828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2216,i,10454892352985193362,11195027644356800529,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2384 /prefetch:8
  2⤵
  PID:3992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3100,i,10454892352985193362,11195027644356800529,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3148 /prefetch:1
  2⤵
  PID:1216
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3108,i,10454892352985193362,11195027644356800529,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3188 /prefetch:1
  2⤵
  PID:4360
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4004,i,10454892352985193362,11195027644356800529,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4476 /prefetch:1
  2⤵
  PID:2876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5112,i,10454892352985193362,11195027644356800529,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4392 /prefetch:8
  2⤵
  PID:908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4732,i,10454892352985193362,11195027644356800529,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3752 /prefetch:1
  2⤵
  PID:3520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=3364,i,10454892352985193362,11195027644356800529,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4384 /prefetch:1
  2⤵
  PID:2320
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5392,i,10454892352985193362,11195027644356800529,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5384 /prefetch:8
  2⤵
  PID:4748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5532,i,10454892352985193362,11195027644356800529,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5544 /prefetch:8
  2⤵
  PID:3928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5676,i,10454892352985193362,11195027644356800529,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5572 /prefetch:8
  2⤵
  PID:4132
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5572,i,10454892352985193362,11195027644356800529,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5540 /prefetch:1
  2⤵
  PID:2412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=4768,i,10454892352985193362,11195027644356800529,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3308 /prefetch:1
  2⤵
  PID:3192
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=3748,i,10454892352985193362,11195027644356800529,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5428 /prefetch:1
  2⤵
  PID:2468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5416,i,10454892352985193362,11195027644356800529,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5652 /prefetch:1
  2⤵
  PID:4788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=3828,i,10454892352985193362,11195027644356800529,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5816 /prefetch:1
  2⤵
  PID:2144
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=5904,i,10454892352985193362,11195027644356800529,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4920 /prefetch:1
  2⤵
  PID:5088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=5844,i,10454892352985193362,11195027644356800529,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5852 /prefetch:1
  2⤵
  PID:4520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=5888,i,10454892352985193362,11195027644356800529,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5892 /prefetch:1
  2⤵
  PID:3744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=4008,i,10454892352985193362,11195027644356800529,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3168 /prefetch:1
  2⤵
  PID:1504
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=5548,i,10454892352985193362,11195027644356800529,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5824 /prefetch:1
  2⤵
  PID:2012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --field-trial-handle=5972,i,10454892352985193362,11195027644356800529,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5480 /prefetch:1
  2⤵
  PID:3676
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --field-trial-handle=5652,i,10454892352985193362,11195027644356800529,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3168 /prefetch:1
  2⤵
  PID:4112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5892,i,10454892352985193362,11195027644356800529,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5912 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  PID:3480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4824,i,10454892352985193362,11195027644356800529,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4688 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx
  PID:2292
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4644,i,10454892352985193362,11195027644356800529,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5528 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1768

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:3068

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3120

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2012

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
637f85aa19d3808b0ef4b24dd671d396

SHA1
ea1bd1ccca9e0502f60391b29611470c17b02408

SHA256
e06900de3d508ea2fc11e51f126161ea428d9ec562e7159da9bf50ff18223a22

SHA512
19b12d5db1483dfa9e7421d24b18b0b7fb4d5ce13cffe71622f51e84ded3fb57b8d658b939832417e5eda2954e1a8169e12df98dca83ad929b76e71db0f14da7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
b87aca69f2b25691ca783973b6894a31

SHA1
31986e116c3b76ed333a029e4789c6d806c75040

SHA256
0b0d3a0e719498ecf103f0dd7d81a04ac3c3ac0f7340e146ebdbb531a919ecdd

SHA512
5710973e0243aec5d736291711ae622bd84f6f030631dddd4a86877e63eb7595bc7a80cf065c74a2a03e3eaaf50ddf4938188abbb59cd203d1a0af2a9d6b4143

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
abdc228bc5e9ccc6b3bb75a1399b700f

SHA1
e5be0309a73fff0135256db441b8808e1e84d526

SHA256
b713c4cf6b1d1f981125aeede3244599daa7acfe8b97fdc8b9b1e7f6039d081e

SHA512
0b9a34a604f37e4db2aa632a8967cc140ce74c0e4dfdcd1e1f52f0ba4daa875736c056bb447b2672c5cb267f9680739304fedb604f54c93d155d47dcba574941

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
8KB

MD5
c00d5bc7e29d54c4c4cb1d9b082f4a2b

SHA1
0fabcae70137f1e1db66785add66257c21b3aecc

SHA256
0a73ad6506a69ad6c3d52d797f3856bc198b5aa6e8df8cfc9594b2ae7f146d1b

SHA512
60642863d5dd481f32d61753601307aacf7082a0e7430bfdb5b5177401695a45abd54136a5135e2413aee38daf61af5dd10b4f61a74f1b88365e535dc2efc071

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
7KB

MD5
aed5402fcb62cb5825c2b6d901fc9eb3

SHA1
f22f9685044edf4ae178d2c381d1d09d7f25ab48

SHA256
4a16b59620ccad4c177b1ff0ee7ff6fe3a298113675b8feb5c3e13510450a205

SHA512
a6e93b557021cea570a8cb39e9cfc9dc748b2458867c99bfd9925bdd4c0fb314179f6668369000a0a39c3536d8f1b9aa84f789712cd88d851aab62dbb93467a4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
182c839a74bf367f1355c5705457612b

SHA1
0019fdeae7dbed80ab1adfc87cefdc1e0f983a59

SHA256
eb700991581e5532d99b48d58473b5028802fb96b9ab1db7180f8784a5ff1197

SHA512
cb9d0b95e0178535994151afe781ee58ce9bb50547fe54cff3a2ffe474754060fc3939bedacae40cfa51c4764bb95f02091a9f0422dd7005a0184075efd9e3b7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
e55f67f4db82fab450b5661b30f09793

SHA1
021066b299562b8af0acf73d7999dc7d6d1d9b19

SHA256
d6caf1f54a17e3e5db955df97d3c80d5be367bd60401e505d1247a81060321db

SHA512
85b74e20b7bf87eb09dfa165545a2339bb1a8129618d1a445da3903bc989cc12b73a5761a980b81cb9e5c5a66cf97df368f3a571c9f08d64ee6f58f76f22208b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
77e025cdf3f41d2a75533db184cf2731

SHA1
fb11bafbb61c43b09cef64635a09254ce98caffc

SHA256
f4cdbcb400e430efb7c4b6b8b0a828d54bda35f704f6942ffb481fc30c0f92a3

SHA512
ef1bd88be83305c34b0aa37982cc432fb80f002128652dc37ba0d61be1148ca14592145e1c4914c199a7e008c898584149f617483eb8ed5e81656d01a123bd86

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
228a4e50885c44f2fea89b56465825ae

SHA1
5f1e78633eeb823f0f8c175d97d7356bd5385564

SHA256
28ef0d7b2c5cd2a1054a0b283c45d0458646895da0a3be4469e664399427449f

SHA512
38354a39ff0ce773ef33b0ca151f699f8f0ca29ee708b32e716dce21b8616dbdf473c63446edad13ee08e5cedbb047ef5f22c79e2ddd1aee548262ce6311f22a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
0c9b4aa47c1007b2566f5db098e2fe4a

SHA1
b2ec3d52ad7ab69c815d27da2b53e3fe006300ca

SHA256
8935c35d09188feb76946e072c85fbe42b16ba2baab4da5135c3bd88b9824614

SHA512
d4c263c83c3855676e937875536ea41fa5b7ba93f20730f31eee864d4137033d017d978b8b2449f1451e12d60dbcf32ae95a37fbcae10009153c593b539ad524

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
3518fb1589dcde556e89be1e6376fef2

SHA1
c7e968008c6cf72b32e04f75bb205afc7469b46c

SHA256
fae2829c37aa252c60a6c313eb3602dfb8ce5aa31e45dfca96d27a6960ac89a2

SHA512
234888110a1a16f728d02129b27eeb7e207ea76da945018b6834f237667a7fec754922ac05c70f621e99670755a3127f83d98ec938956f4a952ada40486c3c68

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
bed5d02c35d5160a253fa935a437203a

SHA1
03f129360b1c565f2a4e6bb80c09105860ccc730

SHA256
112f742155ad7faae836c9a3aa42f320e5db31a6f5856a2be71d1beda4680c4f

SHA512
72f201a412660f91b81a40500e16f0bad0c7e77462ecb56eaf85d2a7d447eb1a2daed411eb9b5bad87bf34ad4ba1f884194d69dc747df31d3304cb75db9f6996

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
bece04af1e0f842d9f4f433f9e0d6a71

SHA1
688a83666955e1f06db99aef68ed0de65d3c3689

SHA256
2f6266c88db24c775f062afce4ee86c4734593084e0a3ea6149673662cdab245

SHA512
ea9e620c67beb0cf066364032c9f10f0edd0ef0cb9d7b86cfa94b6df0223ae1660286c862e191f2bb2993466641fa85e0164eb6d0a5ff9cb312628066c6d4867

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
77e8c78bbc78dacdfbd021f4dd5bf9e7

SHA1
daa4b89f1d4bc8c8985365ff02d5f7de17c6808a

SHA256
752f71e00e2a9a074da9aba7fc3332d02ef2332e73d2b5766623bde590cd15a3

SHA512
e2d4bdf38532c43705c692da3cc505051fbefec80eb89d78c7518b7ee75da3a41b2276beb7870848920f181564c5cbc06f754baeb6ee9bcc0fe99f5ec161ff8c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
e5248eaba0a367e71c65c04013a81526

SHA1
8cc45e20850919e7a797b043b38c577525d384da

SHA256
c1331f4c8440bb81bbb6681d7a5523e712b0f579e78357ba42fc1056827a2607

SHA512
eacecfc5254ee4c5067a5a265008f705c4a0306013c2604f8af806997554e72abf8e8431dcee7c59ce6bbc6b08a61ea75041931c8e7382b39af4c4cffa79420a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d37c6dd3a0f11381d11e3f517eb9127f

SHA1
0f4dc8de9588092aa508fc2135ba8502a2e1fe0c

SHA256
cca6f6c33ca6e71a1b803df6592d0dd587cc8a1ae47436830355d90c1b1dcbb5

SHA512
6f4f371d18e4f8b6b143ae580737f46086a7014b33734ffcd11aa92826693d2a43f41b0fc8b39ccbc1fb36611d485e33b5f83a73ce5eee720eff0b2dc22d9f27

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
3cc8c693aada250e1ba9491453f0e5ff

SHA1
7d439f51103336a2d96f3ba77c68c82899958cf6

SHA256
6859f0b8fee8d1eabadfa17eb3a16f9bf48764651aa17763e966e7abd7299198

SHA512
3576673100c4eea25ea12e52fa7ae2312b761cfc17ae4ca2a22db613a6b523ff06d6ab430c51ef2f0e99b8f71409d991cc55fd102380a1bb916d5db3b4ea17ad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
31935206e495ca4bca760c653752e65d

SHA1
99b5169a2503aa928c1ab9d24c60cf32e658e98e

SHA256
e60cf7709f28c2ee2030f9916b3d3e8467e85e630c5635b5711225d6709bdbb1

SHA512
bb98f5cc70d961f0d5eac72994e4d0fc952c7f08fc59fb3288e251220859f286adff033adfebb2383dcdc03e23646a755d33319b05f4f917db12cbf96d72bb0e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
a203ce704d2ab330421cad4f4de23612

SHA1
03542c3c26e872d8436dc6fba850add37c626bdd

SHA256
111cfc8d685e46fdadc80362be9e94e4a53748048fc0c79bacdc14ba857936ae

SHA512
4e93217056d212175c3766ce790c0b821ca59c013aae84aab06e23e4518ee4b6cafe68be04738887ded0db0540ad296baf81b931880f6ca86cb6077a5b930360

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
4703f165fea4589794897a25080f66c6

SHA1
d7953c250c2550ed630e2e62100810e403ae68a3

SHA256
6fbce85c15819dee2d321b44cf158d1102ef40cc68f1292eae6f3662cfcc769f

SHA512
da380ae3c8d989cb4d39bb0ed113e01a981c4e274793abd4cb9798cac2d93f2cadac1d204bb4a0180e0d5a1f3c4241dbc6e1d56a8b9f6dd20a465c6dd126279c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
401a7da8cf5a9e10e0318d48bcf1a003

SHA1
28649a565ff3eefd29baa50d728a0d5dc28a4da8

SHA256
09abf36e1bd1b57e9e24912f225f57e1d39cd9f32bfba3c55c1a321cf5c6bf42

SHA512
321d98fece43b002ceaba2102facdb855641a876ac63b05723b9b1c23f7f9ff76847b18656c467f6d0250584e6bce7d26856c6de8bbca8b99637bfe810f4ed8e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
5039d51fb24b4c697fb015e7efe3370c

SHA1
a8190a421a4569d37e31830f7cfe4c7f5fad3ea8

SHA256
ea2e065da963340cd486af7b8f36350e8638da2aedbfd78a32714b319aec12ae

SHA512
1b9f5ac32d0f8951119b6cd672eb5b24fdf02c91725dfc422a60029b1d44dfe017bd0b22da94c268b2f3bd2f5c8786ff8fbfb218d990397fc96d8ff63b9363cd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
2f04fe00d25214b8fa7f3b9a860b624e

SHA1
2fcf0709205083fd9186b9143430bc18f4113239

SHA256
fe4c1e216fd891318bbb373aa98cebe2752767e8a3fe6c85da456400048c462b

SHA512
b5642a66bae22da9f06a6865dc79dd44037adb219331fe9a26a2bb0825f3c7dd18bb67c4bdf91668728ad72b47a2d0d3e6387063d21d2c107bdf573e4323e28e

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 471113.crdownload

Filesize
2.3MB

MD5
1b54b70beef8eb240db31718e8f7eb5d

SHA1
da5995070737ec655824c92622333c489eb6bce4

SHA256
7d3654531c32d941b8cae81c4137fc542172bfa9635f169cb392f245a0a12bcb

SHA512
fda935694d0652dab3f1017faaf95781a300b420739e0f9d46b53ce07d592a4cfa536524989e2fc9f83602d315259817638a89c4e27da709aada5d1360b717eb

Download Submit