hxxps://steamgift[.]cfd/105394106

Resubmissions

30/03/2025, 22:57

250330-2xqpbs1kt3 10

30/03/2025, 19:24

250330-x4d7navxb1 10

Analysis

max time kernel
181s
max time network
184s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
30/03/2025, 22:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://steamgift.cfd/105394106

Score

5^/10

steam discovery phishing

Malware Config

Signatures

Detected potential entity reuse from brand STEAM. 1 IoCs

phishing steam

flow	pid	Process
29	1720	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	chrome.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133878490945172033"	chrome.exe

Modifies registry class 4 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-620072444-2846605723-1118207114-1642104096-81213792-2370344205-2712285428	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-620072444-2846605723-1118207114-1642104096-81213792-2370344205-2712285428\DisplayName = "Chrome Sandbox"	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-620072444-2846605723-1118207114-1642104096-81213792-2370344205-2712285428\Moniker = "cr.sb.odm3E4D1A088C1F6D498C84F3C86DE73CE49F82A104"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-620072444-2846605723-1118207114-1642104096-81213792-2370344205-2712285428\Children	chrome.exe

Suspicious behavior: EnumeratesProcesses 7 IoCs

pid	Process
3292	chrome.exe
3292	chrome.exe
3292	chrome.exe
3292	chrome.exe
3292	chrome.exe
4748	chrome.exe
4748	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
3292	chrome.exe
3292	chrome.exe
3292	chrome.exe
3292	chrome.exe
3292	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3292	chrome.exe
Token: SeCreatePagefilePrivilege	3292	chrome.exe
Token: SeShutdownPrivilege	3292	chrome.exe
Token: SeCreatePagefilePrivilege	3292	chrome.exe
Token: SeShutdownPrivilege	3292	chrome.exe
Token: SeCreatePagefilePrivilege	3292	chrome.exe
Token: SeShutdownPrivilege	3292	chrome.exe
Token: SeCreatePagefilePrivilege	3292	chrome.exe
Token: SeShutdownPrivilege	3292	chrome.exe
Token: SeCreatePagefilePrivilege	3292	chrome.exe
Token: SeShutdownPrivilege	3292	chrome.exe
Token: SeCreatePagefilePrivilege	3292	chrome.exe
Token: SeShutdownPrivilege	3292	chrome.exe
Token: SeCreatePagefilePrivilege	3292	chrome.exe
Token: SeShutdownPrivilege	3292	chrome.exe
Token: SeCreatePagefilePrivilege	3292	chrome.exe
Token: SeShutdownPrivilege	3292	chrome.exe
Token: SeCreatePagefilePrivilege	3292	chrome.exe
Token: SeShutdownPrivilege	3292	chrome.exe
Token: SeCreatePagefilePrivilege	3292	chrome.exe
Token: SeShutdownPrivilege	3292	chrome.exe
Token: SeCreatePagefilePrivilege	3292	chrome.exe
Token: SeShutdownPrivilege	3292	chrome.exe
Token: SeCreatePagefilePrivilege	3292	chrome.exe
Token: SeShutdownPrivilege	3292	chrome.exe
Token: SeCreatePagefilePrivilege	3292	chrome.exe
Token: SeShutdownPrivilege	3292	chrome.exe
Token: SeCreatePagefilePrivilege	3292	chrome.exe
Token: SeShutdownPrivilege	3292	chrome.exe
Token: SeCreatePagefilePrivilege	3292	chrome.exe
Token: SeShutdownPrivilege	3292	chrome.exe
Token: SeCreatePagefilePrivilege	3292	chrome.exe
Token: SeShutdownPrivilege	3292	chrome.exe
Token: SeCreatePagefilePrivilege	3292	chrome.exe
Token: SeShutdownPrivilege	3292	chrome.exe
Token: SeCreatePagefilePrivilege	3292	chrome.exe
Token: SeShutdownPrivilege	3292	chrome.exe
Token: SeCreatePagefilePrivilege	3292	chrome.exe
Token: SeShutdownPrivilege	3292	chrome.exe
Token: SeCreatePagefilePrivilege	3292	chrome.exe
Token: SeShutdownPrivilege	3292	chrome.exe
Token: SeCreatePagefilePrivilege	3292	chrome.exe
Token: SeShutdownPrivilege	3292	chrome.exe
Token: SeCreatePagefilePrivilege	3292	chrome.exe
Token: SeShutdownPrivilege	3292	chrome.exe
Token: SeCreatePagefilePrivilege	3292	chrome.exe
Token: SeShutdownPrivilege	3292	chrome.exe
Token: SeCreatePagefilePrivilege	3292	chrome.exe
Token: SeShutdownPrivilege	3292	chrome.exe
Token: SeCreatePagefilePrivilege	3292	chrome.exe
Token: SeShutdownPrivilege	3292	chrome.exe
Token: SeCreatePagefilePrivilege	3292	chrome.exe
Token: SeShutdownPrivilege	3292	chrome.exe
Token: SeCreatePagefilePrivilege	3292	chrome.exe
Token: SeShutdownPrivilege	3292	chrome.exe
Token: SeCreatePagefilePrivilege	3292	chrome.exe
Token: SeShutdownPrivilege	3292	chrome.exe
Token: SeCreatePagefilePrivilege	3292	chrome.exe
Token: SeShutdownPrivilege	3292	chrome.exe
Token: SeCreatePagefilePrivilege	3292	chrome.exe
Token: SeShutdownPrivilege	3292	chrome.exe
Token: SeCreatePagefilePrivilege	3292	chrome.exe
Token: SeShutdownPrivilege	3292	chrome.exe
Token: SeCreatePagefilePrivilege	3292	chrome.exe

Suspicious use of FindShellTrayWindow 27 IoCs

pid	Process
3292	chrome.exe
3292	chrome.exe
3292	chrome.exe
3292	chrome.exe
3292	chrome.exe
3292	chrome.exe
3292	chrome.exe
3292	chrome.exe
3292	chrome.exe
3292	chrome.exe
3292	chrome.exe
3292	chrome.exe
3292	chrome.exe
3292	chrome.exe
3292	chrome.exe
3292	chrome.exe
3292	chrome.exe
3292	chrome.exe
3292	chrome.exe
3292	chrome.exe
3292	chrome.exe
3292	chrome.exe
3292	chrome.exe
3292	chrome.exe
3292	chrome.exe
3292	chrome.exe
3292	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3292	chrome.exe
3292	chrome.exe
3292	chrome.exe
3292	chrome.exe
3292	chrome.exe
3292	chrome.exe
3292	chrome.exe
3292	chrome.exe
3292	chrome.exe
3292	chrome.exe
3292	chrome.exe
3292	chrome.exe
3292	chrome.exe
3292	chrome.exe
3292	chrome.exe
3292	chrome.exe
3292	chrome.exe
3292	chrome.exe
3292	chrome.exe
3292	chrome.exe
3292	chrome.exe
3292	chrome.exe
3292	chrome.exe
3292	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3292 wrote to memory of 2036	3292	chrome.exe	86
PID 3292 wrote to memory of 2036	3292	chrome.exe	86
PID 3292 wrote to memory of 1720	3292	chrome.exe	87
PID 3292 wrote to memory of 1720	3292	chrome.exe	87
PID 3292 wrote to memory of 6136	3292	chrome.exe	88
PID 3292 wrote to memory of 6136	3292	chrome.exe	88
PID 3292 wrote to memory of 6136	3292	chrome.exe	88
PID 3292 wrote to memory of 6136	3292	chrome.exe	88
PID 3292 wrote to memory of 6136	3292	chrome.exe	88
PID 3292 wrote to memory of 6136	3292	chrome.exe	88
PID 3292 wrote to memory of 6136	3292	chrome.exe	88
PID 3292 wrote to memory of 6136	3292	chrome.exe	88
PID 3292 wrote to memory of 6136	3292	chrome.exe	88
PID 3292 wrote to memory of 6136	3292	chrome.exe	88
PID 3292 wrote to memory of 6136	3292	chrome.exe	88
PID 3292 wrote to memory of 6136	3292	chrome.exe	88
PID 3292 wrote to memory of 6136	3292	chrome.exe	88
PID 3292 wrote to memory of 6136	3292	chrome.exe	88
PID 3292 wrote to memory of 6136	3292	chrome.exe	88
PID 3292 wrote to memory of 6136	3292	chrome.exe	88
PID 3292 wrote to memory of 6136	3292	chrome.exe	88
PID 3292 wrote to memory of 6136	3292	chrome.exe	88
PID 3292 wrote to memory of 6136	3292	chrome.exe	88
PID 3292 wrote to memory of 6136	3292	chrome.exe	88
PID 3292 wrote to memory of 6136	3292	chrome.exe	88
PID 3292 wrote to memory of 6136	3292	chrome.exe	88
PID 3292 wrote to memory of 6136	3292	chrome.exe	88
PID 3292 wrote to memory of 6136	3292	chrome.exe	88
PID 3292 wrote to memory of 6136	3292	chrome.exe	88
PID 3292 wrote to memory of 6136	3292	chrome.exe	88
PID 3292 wrote to memory of 6136	3292	chrome.exe	88
PID 3292 wrote to memory of 6136	3292	chrome.exe	88
PID 3292 wrote to memory of 6136	3292	chrome.exe	88
PID 3292 wrote to memory of 6136	3292	chrome.exe	88
PID 3292 wrote to memory of 1768	3292	chrome.exe	89
PID 3292 wrote to memory of 1768	3292	chrome.exe	89
PID 3292 wrote to memory of 1768	3292	chrome.exe	89
PID 3292 wrote to memory of 1768	3292	chrome.exe	89
PID 3292 wrote to memory of 1768	3292	chrome.exe	89
PID 3292 wrote to memory of 1768	3292	chrome.exe	89
PID 3292 wrote to memory of 1768	3292	chrome.exe	89
PID 3292 wrote to memory of 1768	3292	chrome.exe	89
PID 3292 wrote to memory of 1768	3292	chrome.exe	89
PID 3292 wrote to memory of 1768	3292	chrome.exe	89
PID 3292 wrote to memory of 1768	3292	chrome.exe	89
PID 3292 wrote to memory of 1768	3292	chrome.exe	89
PID 3292 wrote to memory of 1768	3292	chrome.exe	89
PID 3292 wrote to memory of 1768	3292	chrome.exe	89
PID 3292 wrote to memory of 1768	3292	chrome.exe	89
PID 3292 wrote to memory of 1768	3292	chrome.exe	89
PID 3292 wrote to memory of 1768	3292	chrome.exe	89
PID 3292 wrote to memory of 1768	3292	chrome.exe	89
PID 3292 wrote to memory of 1768	3292	chrome.exe	89
PID 3292 wrote to memory of 1768	3292	chrome.exe	89
PID 3292 wrote to memory of 1768	3292	chrome.exe	89
PID 3292 wrote to memory of 1768	3292	chrome.exe	89
PID 3292 wrote to memory of 1768	3292	chrome.exe	89
PID 3292 wrote to memory of 1768	3292	chrome.exe	89
PID 3292 wrote to memory of 1768	3292	chrome.exe	89
PID 3292 wrote to memory of 1768	3292	chrome.exe	89
PID 3292 wrote to memory of 1768	3292	chrome.exe	89
PID 3292 wrote to memory of 1768	3292	chrome.exe	89
PID 3292 wrote to memory of 1768	3292	chrome.exe	89
PID 3292 wrote to memory of 1768	3292	chrome.exe	89

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://steamgift.cfd/105394106
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3292
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=133.0.6943.60 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffce1cddcf8,0x7ffce1cddd04,0x7ffce1cddd10
  2⤵
  PID:2036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --field-trial-handle=1456,i,16610516166751534105,8442300110804711607,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=2140 /prefetch:3
  2⤵
  - Detected potential entity reuse from brand STEAM.
  PID:1720
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=2040,i,16610516166751534105,8442300110804711607,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=2036 /prefetch:2
  2⤵
  PID:6136
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --field-trial-handle=2348,i,16610516166751534105,8442300110804711607,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=2364 /prefetch:8
  2⤵
  PID:1768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3204,i,16610516166751534105,8442300110804711607,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3192 /prefetch:1
  2⤵
  PID:4308
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3212,i,16610516166751534105,8442300110804711607,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3252 /prefetch:1
  2⤵
  PID:1924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --extension-process --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4416,i,16610516166751534105,8442300110804711607,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4428 /prefetch:2
  2⤵
  PID:4448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4600,i,16610516166751534105,8442300110804711607,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4704 /prefetch:1
  2⤵
  PID:4860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5244,i,16610516166751534105,8442300110804711607,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5272 /prefetch:8
  2⤵
  PID:2604
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=5524,i,16610516166751534105,8442300110804711607,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5300 /prefetch:1
  2⤵
  PID:2992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=208,i,16610516166751534105,8442300110804711607,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5668 /prefetch:8
  2⤵
  PID:4848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5520,i,16610516166751534105,8442300110804711607,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5668 /prefetch:8
  2⤵
  PID:2540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5724,i,16610516166751534105,8442300110804711607,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5712 /prefetch:8
  2⤵
  PID:5900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=5380,i,16610516166751534105,8442300110804711607,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5800 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=on_device_model.mojom.OnDeviceModelService --lang=en-US --service-sandbox-type=on_device_model_execution --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=1488,i,16610516166751534105,8442300110804711607,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4556 /prefetch:8
  2⤵
  PID:2808

C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe"
1⤵
PID:1780

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:1556

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
50debae86e952e0ef95a0e3dac7231cd

SHA1
b0274349698dd47d6df966161b5656e15ae2514c

SHA256
2be4036b55863bd48329bd47310f21d7f5f6e8c0cc8053adaa92d91b52453437

SHA512
9a229dbcb9a608e226f5aa32f708029172451bcf7ab32f713d203b63df9a7e948ac864f7bf77a3ef7338f5365f38c29bf23700c2f7ada87d33e5c5e4ea916acf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
576B

MD5
4dc46f061fe083fcd73c9b09cfc6f0f3

SHA1
44f736b0128296b221adefde9f0a7109a610766d

SHA256
a3773d3e481ee34ad1b9f9c44e3c0c8ff4481adc6cb19f0f96646d3402289a65

SHA512
a59e9ebb6b57d68d3384378dda52295332dd21a98408be98e84f79a2a0c7bc7f5469f9d9e6b040367e53201b8f3fc6d5da04235eba778f01950f3522687b0619

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnGraphiteCache\data_1

Filesize
264KB

MD5
777c19b08d288b7b8b4c679ee2ca22be

SHA1
20d50519d051ff01d7d0ad740fca0d2ee4a2f36d

SHA256
4ec5cc163341721eb65837748c75817266047ed968172c37c5080af6c01e3151

SHA512
65eec0bce9ac9b3651ee27c5debd52b78c56aac66f731dc668af824abb5b5dcf4f4551f3bbf0c14de4ea61f458b12c86ba19ed4a276e25f01bd0513233bfc0f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
543c98d4f7e54aed60225caac7cd6e3e

SHA1
5418bef584768b01d5dcb0a5f5ad2b669c67e852

SHA256
8872a2a84b99501c39da17f957a2a644da672364fe30e658c6e6739c1978e801

SHA512
f7c8c4cf243a3ae2447df9f490921650119dfa14c8741adf5215160fa07d5936172c1add439780c5c365bd101bc1d9a291157cfabe5230322dfdc0f0b60188fc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
fb3e8ea1b531ea06e54adb0d96181a03

SHA1
b644f56f9c0443469528879b062ad511c26e4528

SHA256
f72e69e8609146cf83bf4fc8fa07d3058c9e5014a8ebfa62b091f57a8d514675

SHA512
7f2e978234dd51eb6bb3f386af5c57ae6bafc02ecff82b126f8bfe1ff03bae02e57f1cba2b860db82304c8432f496e5e7e85ebff22a82bc5219957751c011ee0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
6b639270742edbc6ac7cad9357828cec

SHA1
7d1c46a6f8ebb6f24641dd544a5888376c400a27

SHA256
535a15d203ed9bd2e478a8a105e8a65fc434fade8e4bf4c12548eb62784c9876

SHA512
63968dbf77abf56c14ad4c1c2a974e9b1032064659222b1e3b296327277c84df1c27d01fb85d6a575ba461f563885be61da8bd3851165955b950870536a63d94

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
14KB

MD5
42eb4886672282f0e065c95e6d6c7526

SHA1
7603ff8d81ae59fee9224f578baf130649c643c7

SHA256
2c2eb6e7d6ba33dfcadb9250c38fc4189a0aea1bd9f4a1eebdf67ed7d938d32c

SHA512
ebca6998a97be0c5fd092e5634c8a0738a28aa8d982769c93dda412b6c9eefddc3efcfee988a9ae8841e003f795f0a421ffa9d2b48d8ec54d84d4c0465e59b3b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
14KB

MD5
58472353c2c03036b1c49b9f37aaa545

SHA1
309d96c7f8fcf6a48ce258238e18f8a9f7d76850

SHA256
173794a46faa6792f0acaf3c43fa1dd477e3df6bc23338982f008f23e9d8e9e1

SHA512
c4f3809231c8483993c81f2cdefcc43d24bb3dc7bbece40230e205ce72ce86eeaa123ad94e16d52472a701bb2cb2fe76ff3686d2fd5bdeea515890a41a702030

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
15KB

MD5
ec686c32d75c831904c6fd5aa7421457

SHA1
924598248e95a75d9f7bab1721616a12c84ae5d5

SHA256
c5359a266369e7f9d922a8de1f5789aa5216326e5850612f958d5e3c0071bacd

SHA512
f0f1c90c7c6167d5aad44d78e1da40cc0f2ffb2e709e21ea0cbd33d5f318f6cfb54cc1242e0727b7beb3ff7c678ed1b11910f73d5a23e0b22caade3d31f43e30

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
13KB

MD5
9ed0b95dc67eed7a0e83b83c84f5cecd

SHA1
652ac1fe68d3648f2dffee39043313bcfe988d7f

SHA256
bcb49461ab3664135e0ec5376f04dc51873562b075987b55d16161b4ab2ff46b

SHA512
eea772f8f4c2ff623707789524044ffbb3310785aee4a36584634f10061a7ac5e3e52cc44d6c563f3cdab05d9428ffd874510eaddad4abc4e759587d1e03e929

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
13KB

MD5
2397109c9fbccd98cb6e031b33e9c3bd

SHA1
e6f44846ffa5b4631913b2288ce402baba5f5531

SHA256
5cad38eb1092cfb51bbe36c1e1510190713202027bfc992ccbc7402e692c9f60

SHA512
201799aec1dca696a628f7c14eb3883f3cbcc448136d4dc5248ec4f725f578063a3bea456b8fa85ad734f964a4f04153e787a302d09f615fed38e270e589d73b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
14KB

MD5
45dd183ebe444c9a1a9893c36c10b412

SHA1
0dad4b64f00a7ddec97da0c12a9070e7d2f26c04

SHA256
3e730438cb87d0e8de1529de0f9f41adf317d6596f041d8384eb9910e4b322f5

SHA512
2d6e777969d824b1a81172a4b1cdd043f1df27b81478f3d1891679faaa10bc442179784fb94ab85f0a965756cac8853e2b3daba90bc997f335bcff8d6be87860

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
15KB

MD5
2e76e067884ed8c81f9284456b8bc808

SHA1
67b935d05ab99c1c10b07c392d7901cba957e4f8

SHA256
ee2ddff2eba3fc466ff30902fd58301b501980a6db10025999407d16c2e21a6b

SHA512
de9ff13faaba5141050ba29896afe2441306059888727795893e7da4e9ea479e1f2a5806758dd534f4cbd9895f1041fbeaa61b73cd98081c89655d6298d96729

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
0e041b8beb62109bc612bd433aecbfbd

SHA1
15b0515597c527f32376c2faf6d7f4084d208ab8

SHA256
749129b2c7e5e151a012ba92a99b29c216369146a1469915fb7d4eaa4c1700f2

SHA512
f8581544274d402fb6345c08b1bc8972b9156218704e2bed646a61e2af28029072a8c9eab331475d60647b2648f827d93b6eee8d386acb3c1fa14c35678f5573

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
434ad9f2a19a5786e875bdd5c734fc25

SHA1
80007b9d0921f327926faf115caaebadba3d5244

SHA256
9559bc021a9e9b959a29f3f117e8ced9efe02bce40d00cab430e083ee41cadfd

SHA512
7c499d39cc25aab2a13e0da02516cb93759541a03f794b9d93771fc9c9fbebc78858c2bb8588adacd5c4726cc78105f8c63dd2771c80be4f2da23aa6b7a97f81

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57d59f.TMP

Filesize
48B

MD5
ef490038b1b569ecc68134fca13e32e2

SHA1
d88f0dc161c155af129d1ee827a0ea2c9a30263d

SHA256
319f691def7021d0beb0444029371d340f63404bef2c5959968476ccc401ec46

SHA512
a465afc7ba70671b09c28993b191fb903984c828939bbd5c93b7a515db9a792cd37a94e357f4dbb26f2941325e7993b6d974c7eae70808ec0cc57312edbe4ed1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\f27cc000-2bb9-4622-84d9-c6ae0e3639a4.tmp

Filesize
14KB

MD5
a938dc21b390c067d75ec4b25a4c2641

SHA1
70c7ed3856cf29354dcfde5df420a808ed24dbf4

SHA256
a7d6f73efbe200e24ebed38bd44f4a1dd94d4ff2ebda47bdeb444a6ca931a726

SHA512
59bb2f9587736f0c6c4f1d0979872bf25b39733b9d7914bceed402abbd6080d26a0c44aec64d67b9cc6d8bb4ca425e26dabb31d2c9709b8d0a0310b67200bbb1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
81KB

MD5
2c6ad2e4f173783a58a49864dd781035

SHA1
080aba2e2ce4ca29bb20ea120f7f676fe62f3963

SHA256
bf78579bb4cfc9e1749fabb64c370dc81d0fbfffbfdd58f987fd4276598edcbb

SHA512
07788e625ca34c5b7a4db982eec13338938525b9d4e8219d31f8d32277c030d1eb0f5eedc325b5f5236931aa64d0fe7c674b7890730f04b9e7575489f1f552e9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
80KB

MD5
f125bcb8663132a2107c2769d440853c

SHA1
7c9e4e61743246412993c51185517c41eec9570f

SHA256
b7c6e0bd27e5b9dbb0f8b0ec9338524f515b06416de9597c7db079ad3af85a58

SHA512
46a707aaf7edaf5ca258968217f48ef5676a91740ab06766bc346d4989a69190750844e89c64f52c77e34bd6bd644d731ae6fca3c31403ba43268d19c8f43327

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
81KB

MD5
4fd1ec65fb48d0ac84298788b088e011

SHA1
e37a0c7d971e42bf178ae850dddc552296a8474e

SHA256
452bd2da0360510b3dc9cc038c836c260d25a981647e4e4231da4df56af67389

SHA512
befc5e698cd6811e8d63f2dbda5fd71130751ba8e606a4293a3d468ed4cd7c248195d91e9455e0054aaf94d8a3ce212e3d7cd97d134ac7bcad5b73b5bef44267

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
81KB

MD5
0f1aa8cbb811dcf63350c67c741af244

SHA1
f78e3f093288623422eec0dbe37f6208ce87d94e

SHA256
0f5638ccb5fa215e6a4f408de561ac2485c1e853cbfb21bea328ef9245767d91

SHA512
8866c315eb986a6e4e89b9406d5285ca1edb703d38086f8ae12e96d1f5a5cd2348292d964e6e3dbdcda8224c7e6299adf86970bcb067312d3eb7932606af16d7

Download Submit