hxxps://steamcommunity[.]com/linkfilter/e[.]vg/105757229058

Analysis

max time kernel
68s
max time network
70s
platform
windows10-2004_x64
resource
win10v2004-20250410-en
resource tags

arch:x64arch:x86image:win10v2004-20250410-enlocale:en-usos:windows10-2004-x64system
submitted
14/04/2025, 17:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://steamcommunity.com/linkfilter/e.vg/105757229058

Score

5^/10

steam discovery phishing

Malware Config

Signatures

Detected potential entity reuse from brand STEAM. 1 IoCs

phishing steam

flow	pid	Process
54	2724	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	chrome.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 17 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "42"	LogonUI.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4288567808"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365271"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292311040"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1"	LogonUI.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133891261427083352"	chrome.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292311040"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365271"	LogonUI.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = a6d8ff0076b9ed00429ce3000078d700005a9e000042750000264200f7630c00	LogonUI.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2780	chrome.exe
2780	chrome.exe
2780	chrome.exe
2780	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
2780	chrome.exe
2780	chrome.exe
2780	chrome.exe
2780	chrome.exe
2780	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2780	chrome.exe
Token: SeCreatePagefilePrivilege	2780	chrome.exe
Token: SeShutdownPrivilege	2780	chrome.exe
Token: SeCreatePagefilePrivilege	2780	chrome.exe
Token: SeShutdownPrivilege	2780	chrome.exe
Token: SeCreatePagefilePrivilege	2780	chrome.exe
Token: SeShutdownPrivilege	2780	chrome.exe
Token: SeCreatePagefilePrivilege	2780	chrome.exe
Token: SeShutdownPrivilege	2780	chrome.exe
Token: SeCreatePagefilePrivilege	2780	chrome.exe
Token: SeShutdownPrivilege	2780	chrome.exe
Token: SeCreatePagefilePrivilege	2780	chrome.exe
Token: SeShutdownPrivilege	2780	chrome.exe
Token: SeCreatePagefilePrivilege	2780	chrome.exe
Token: SeShutdownPrivilege	2780	chrome.exe
Token: SeCreatePagefilePrivilege	2780	chrome.exe
Token: SeShutdownPrivilege	2780	chrome.exe
Token: SeCreatePagefilePrivilege	2780	chrome.exe
Token: SeShutdownPrivilege	2780	chrome.exe
Token: SeCreatePagefilePrivilege	2780	chrome.exe
Token: SeShutdownPrivilege	2780	chrome.exe
Token: SeCreatePagefilePrivilege	2780	chrome.exe
Token: SeShutdownPrivilege	2780	chrome.exe
Token: SeCreatePagefilePrivilege	2780	chrome.exe
Token: SeShutdownPrivilege	2780	chrome.exe
Token: SeCreatePagefilePrivilege	2780	chrome.exe
Token: SeShutdownPrivilege	2780	chrome.exe
Token: SeCreatePagefilePrivilege	2780	chrome.exe
Token: SeShutdownPrivilege	2780	chrome.exe
Token: SeCreatePagefilePrivilege	2780	chrome.exe
Token: SeShutdownPrivilege	2780	chrome.exe
Token: SeCreatePagefilePrivilege	2780	chrome.exe
Token: SeShutdownPrivilege	2780	chrome.exe
Token: SeCreatePagefilePrivilege	2780	chrome.exe
Token: SeShutdownPrivilege	2780	chrome.exe
Token: SeCreatePagefilePrivilege	2780	chrome.exe
Token: SeShutdownPrivilege	2780	chrome.exe
Token: SeCreatePagefilePrivilege	2780	chrome.exe
Token: SeShutdownPrivilege	2780	chrome.exe
Token: SeCreatePagefilePrivilege	2780	chrome.exe
Token: SeShutdownPrivilege	2780	chrome.exe
Token: SeCreatePagefilePrivilege	2780	chrome.exe
Token: SeShutdownPrivilege	2780	chrome.exe
Token: SeCreatePagefilePrivilege	2780	chrome.exe
Token: SeShutdownPrivilege	2780	chrome.exe
Token: SeCreatePagefilePrivilege	2780	chrome.exe
Token: SeShutdownPrivilege	2780	chrome.exe
Token: SeCreatePagefilePrivilege	2780	chrome.exe
Token: SeShutdownPrivilege	2780	chrome.exe
Token: SeCreatePagefilePrivilege	2780	chrome.exe
Token: SeShutdownPrivilege	2780	chrome.exe
Token: SeCreatePagefilePrivilege	2780	chrome.exe
Token: SeShutdownPrivilege	2780	chrome.exe
Token: SeCreatePagefilePrivilege	2780	chrome.exe
Token: SeShutdownPrivilege	2780	chrome.exe
Token: SeCreatePagefilePrivilege	2780	chrome.exe
Token: SeShutdownPrivilege	2780	chrome.exe
Token: SeCreatePagefilePrivilege	2780	chrome.exe
Token: SeShutdownPrivilege	2780	chrome.exe
Token: SeCreatePagefilePrivilege	2780	chrome.exe
Token: SeShutdownPrivilege	2780	chrome.exe
Token: SeCreatePagefilePrivilege	2780	chrome.exe
Token: SeShutdownPrivilege	2780	chrome.exe
Token: SeCreatePagefilePrivilege	2780	chrome.exe

Suspicious use of FindShellTrayWindow 27 IoCs

pid	Process
2780	chrome.exe
2780	chrome.exe
2780	chrome.exe
2780	chrome.exe
2780	chrome.exe
2780	chrome.exe
2780	chrome.exe
2780	chrome.exe
2780	chrome.exe
2780	chrome.exe
2780	chrome.exe
2780	chrome.exe
2780	chrome.exe
2780	chrome.exe
2780	chrome.exe
2780	chrome.exe
2780	chrome.exe
2780	chrome.exe
2780	chrome.exe
2780	chrome.exe
2780	chrome.exe
2780	chrome.exe
2780	chrome.exe
2780	chrome.exe
2780	chrome.exe
2780	chrome.exe
2780	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2780	chrome.exe
2780	chrome.exe
2780	chrome.exe
2780	chrome.exe
2780	chrome.exe
2780	chrome.exe
2780	chrome.exe
2780	chrome.exe
2780	chrome.exe
2780	chrome.exe
2780	chrome.exe
2780	chrome.exe
2780	chrome.exe
2780	chrome.exe
2780	chrome.exe
2780	chrome.exe
2780	chrome.exe
2780	chrome.exe
2780	chrome.exe
2780	chrome.exe
2780	chrome.exe
2780	chrome.exe
2780	chrome.exe
2780	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4476	LogonUI.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2780 wrote to memory of 1572	2780	chrome.exe	85
PID 2780 wrote to memory of 1572	2780	chrome.exe	85
PID 2780 wrote to memory of 3104	2780	chrome.exe	86
PID 2780 wrote to memory of 3104	2780	chrome.exe	86
PID 2780 wrote to memory of 3104	2780	chrome.exe	86
PID 2780 wrote to memory of 3104	2780	chrome.exe	86
PID 2780 wrote to memory of 3104	2780	chrome.exe	86
PID 2780 wrote to memory of 3104	2780	chrome.exe	86
PID 2780 wrote to memory of 3104	2780	chrome.exe	86
PID 2780 wrote to memory of 3104	2780	chrome.exe	86
PID 2780 wrote to memory of 3104	2780	chrome.exe	86
PID 2780 wrote to memory of 3104	2780	chrome.exe	86
PID 2780 wrote to memory of 3104	2780	chrome.exe	86
PID 2780 wrote to memory of 3104	2780	chrome.exe	86
PID 2780 wrote to memory of 3104	2780	chrome.exe	86
PID 2780 wrote to memory of 3104	2780	chrome.exe	86
PID 2780 wrote to memory of 3104	2780	chrome.exe	86
PID 2780 wrote to memory of 3104	2780	chrome.exe	86
PID 2780 wrote to memory of 3104	2780	chrome.exe	86
PID 2780 wrote to memory of 3104	2780	chrome.exe	86
PID 2780 wrote to memory of 3104	2780	chrome.exe	86
PID 2780 wrote to memory of 3104	2780	chrome.exe	86
PID 2780 wrote to memory of 3104	2780	chrome.exe	86
PID 2780 wrote to memory of 3104	2780	chrome.exe	86
PID 2780 wrote to memory of 3104	2780	chrome.exe	86
PID 2780 wrote to memory of 3104	2780	chrome.exe	86
PID 2780 wrote to memory of 3104	2780	chrome.exe	86
PID 2780 wrote to memory of 3104	2780	chrome.exe	86
PID 2780 wrote to memory of 3104	2780	chrome.exe	86
PID 2780 wrote to memory of 3104	2780	chrome.exe	86
PID 2780 wrote to memory of 3104	2780	chrome.exe	86
PID 2780 wrote to memory of 3104	2780	chrome.exe	86
PID 2780 wrote to memory of 2724	2780	chrome.exe	87
PID 2780 wrote to memory of 2724	2780	chrome.exe	87
PID 2780 wrote to memory of 4212	2780	chrome.exe	88
PID 2780 wrote to memory of 4212	2780	chrome.exe	88
PID 2780 wrote to memory of 4212	2780	chrome.exe	88
PID 2780 wrote to memory of 4212	2780	chrome.exe	88
PID 2780 wrote to memory of 4212	2780	chrome.exe	88
PID 2780 wrote to memory of 4212	2780	chrome.exe	88
PID 2780 wrote to memory of 4212	2780	chrome.exe	88
PID 2780 wrote to memory of 4212	2780	chrome.exe	88
PID 2780 wrote to memory of 4212	2780	chrome.exe	88
PID 2780 wrote to memory of 4212	2780	chrome.exe	88
PID 2780 wrote to memory of 4212	2780	chrome.exe	88
PID 2780 wrote to memory of 4212	2780	chrome.exe	88
PID 2780 wrote to memory of 4212	2780	chrome.exe	88
PID 2780 wrote to memory of 4212	2780	chrome.exe	88
PID 2780 wrote to memory of 4212	2780	chrome.exe	88
PID 2780 wrote to memory of 4212	2780	chrome.exe	88
PID 2780 wrote to memory of 4212	2780	chrome.exe	88
PID 2780 wrote to memory of 4212	2780	chrome.exe	88
PID 2780 wrote to memory of 4212	2780	chrome.exe	88
PID 2780 wrote to memory of 4212	2780	chrome.exe	88
PID 2780 wrote to memory of 4212	2780	chrome.exe	88
PID 2780 wrote to memory of 4212	2780	chrome.exe	88
PID 2780 wrote to memory of 4212	2780	chrome.exe	88
PID 2780 wrote to memory of 4212	2780	chrome.exe	88
PID 2780 wrote to memory of 4212	2780	chrome.exe	88
PID 2780 wrote to memory of 4212	2780	chrome.exe	88
PID 2780 wrote to memory of 4212	2780	chrome.exe	88
PID 2780 wrote to memory of 4212	2780	chrome.exe	88
PID 2780 wrote to memory of 4212	2780	chrome.exe	88
PID 2780 wrote to memory of 4212	2780	chrome.exe	88

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://steamcommunity.com/linkfilter/e.vg/105757229058
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2780
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=133.0.6943.60 --initial-client-data=0xfc,0x100,0x104,0xf8,0xd4,0x7ffde62edcf8,0x7ffde62edd04,0x7ffde62edd10
  2⤵
  PID:1572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=1948,i,7887441962274808614,8373690734445460914,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=1944 /prefetch:2
  2⤵
  PID:3104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --field-trial-handle=1552,i,7887441962274808614,8373690734445460914,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=2224 /prefetch:3
  2⤵
  - Detected potential entity reuse from brand STEAM.
  PID:2724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --field-trial-handle=2344,i,7887441962274808614,8373690734445460914,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=2508 /prefetch:8
  2⤵
  PID:4212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3164,i,7887441962274808614,8373690734445460914,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=3184 /prefetch:1
  2⤵
  PID:2976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3172,i,7887441962274808614,8373690734445460914,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=3244 /prefetch:1
  2⤵
  PID:4364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --extension-process --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4256,i,7887441962274808614,8373690734445460914,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=4300 /prefetch:2
  2⤵
  PID:3328
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5180,i,7887441962274808614,8373690734445460914,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=5204 /prefetch:8
  2⤵
  PID:4472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=5436,i,7887441962274808614,8373690734445460914,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=5276 /prefetch:1
  2⤵
  PID:3312
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=5588,i,7887441962274808614,8373690734445460914,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=5620 /prefetch:1
  2⤵
  PID:4640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=3340,i,7887441962274808614,8373690734445460914,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=3312 /prefetch:8
  2⤵
  PID:5140
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=3332,i,7887441962274808614,8373690734445460914,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=3208 /prefetch:8
  2⤵
  PID:1504
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=3300,i,7887441962274808614,8373690734445460914,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=5728 /prefetch:8
  2⤵
  PID:3228

C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe"
1⤵
PID:6048

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4080

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x4 /state0:0xa3964055 /state1:0x41c64e6d
1⤵
- Modifies data under HKEY_USERS
- Suspicious use of SetWindowsHookEx
PID:4476

Network

MITRE ATT&CK Enterprise v16

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
414B

MD5
53112a74d88e4e144a010f2c50160a92

SHA1
9d76b4551f6b8af819b9b9818c8f5bf3b199e2a1

SHA256
906dcafbef3c5960dd1f7ca700d7d9ba167923622d6e7aa4961d86d8eb93ea18

SHA512
22031e17b97127ffe5301336459115b799c5afe9c0600bab3b1a0d546a317dd0d3a36432641353198e9bf1a45c7dad5bc23fd934245e19f9493dbf6c666af5e3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
720B

MD5
498fad018ba3b850b367fad4086f00c6

SHA1
51cb0e194f5c30a7cdcc523b9202958be9970def

SHA256
84daa686f4d5a3991287a3305ff9ffa9ef085440ba043ee8901eff7de0eaedfc

SHA512
ab5f624f63045eafd395c7d59682f072f2302d75078fb9e7e6c10b164f4cc2b645346207fbfaaaba033c8bae2a046e6a6c56e672eea66fd914f7820c24e97a1a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnWebGPUCache\data_1

Filesize
264KB

MD5
4a563da6b8a57e883e4ca92b695d6d58

SHA1
1c8c74d285d82a9c6b74059526af3c6ed20563b6

SHA256
be73881f27b60bd6bf3e9d90fd21e40744887fa64a8cbaa6a6eb5033ef322f54

SHA512
885716553758129117db8705715b88f73eca18db0aeb356ce4a46ec8466ba6b6fdff64a2c113cc3257f062ee5c9dd8c1a4f31eda4034d38b64908c84debe3958

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
4515fc5a22ae02bca0b75843b4d59c1b

SHA1
b9122beb4a90312eb94e4399ec64d91295d9e2fa

SHA256
aeb13715d6c92f3cb324e255ee4155bea44771f139780aeffd8a99a5b78cf4c6

SHA512
4d117ae2c8860205e211532f88db6f7e99d7f229a6f7da7dd3932ed0865c64c789b9dcd0b61ffbaaba0817d1ea1bc11ab014e3cb97378f37f90124adaf10126b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
010f70912c4674188f482ee78eba5384

SHA1
3e1457f1c6e79870d7c27f2b78593cfd90c5f0e1

SHA256
cdd51aafc1618b5a4fdff0195fc0abaadd6536e93cd49a6a75d3083a6a324f19

SHA512
bef0ad6bfc886fdca63eb87f885289827d715ebd6f8ab5d1e98054f8a4239fa67b3b4563bdb3c97ad621195f4d0e9386ae9b1c407c03e0a25dc1ee62f68e34c0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
4d667e7ba487646f2eb2fb8bbb9b3d9b

SHA1
c8e13217e387ed3d7c3d1e8bf9e15b67225b4788

SHA256
f6a23649e9f26bc41b196dc1087e38e5fe3c934b2cee73bdaac33fdbadad41bc

SHA512
1c3de2a688946fc80390037f3907c9c53ebebba8a249ecb77d9c16da86ef5c0ac3820d0fa940f63e10e01a24428597d6673773a1d0a7ca4cd4bafca50393c98d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
c539fe619d44fa762b16ed31aa994bf7

SHA1
6b019d351ae93d20832aedf3e893c6230e8aac36

SHA256
3b22d3616898aa7a13fea27dec77c9889c4680e5197604cb7b14aa57c6d581cf

SHA512
ec44696e5e7c73eeaac8e3475ea6c48aa0e19895cec10c8eca12fbc55aa8cbea4027574132eb14e311d553b9607cecc362e8f7b7cde4066384e3af8c04e69c84

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
d3d205ce16d8e505b2d00738565ba49f

SHA1
78ed8f50e63fd49c1ee491f8b429e8a9a4fbda1c

SHA256
d6cb49be7e4cecbfd3ce7c4b63793eace2fe1841ae4bc5a88a86f3f588f754f8

SHA512
b71f6ea3b1e162ee12e252c1fc4ed71a68f8882ed7b428beb50555a4cf1304f1b4917e4bba0b306881b1cca3b1750ca5038abbc80597526b0cfb213a7071b8e3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
bf419416e81eb9d2821638a7cf4f8e43

SHA1
0b5b736a9bb3f1bc291c797ccef65056f27da326

SHA256
ded5df298b14b5fc8f8aff78fc2f9caaad0802125124f5701cfe83fca868e18e

SHA512
79c496678336bbb39ed4e68d947c9e663dc2338b7c51becf363136581f848eae6d03b16db0e3394e18b64d2c277ef80e66993e14a555cb123e515b82aa81fe46

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
161c29a9bec08d466d586b5b206f6a30

SHA1
2c32bc9c2fb511cea5d66f1a61f658fa9b350fee

SHA256
9bac920b44e0638e57ccf3f24cd118b8933127439e1a6ee97f3c81771a8567bd

SHA512
0d9497e43336e0d67259b7d3cf6349dab1f0688ea67715a4a6e4f94b12a129a5caf12ba8f641e35f472f130a9b542f6b5de39026b5c88df261881bd818563dbe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57dc95.TMP

Filesize
48B

MD5
e29f86dcc8b8d47020b914af6d2b07a3

SHA1
cab9da56cd6704cc25f5a7251977a7dbdcca3942

SHA256
fab028c5f2543d9f85bb019742869b3c7393df92489a2e3ee4149f9f0ffb8d23

SHA512
fd94791cecfa8a3a8732ea61979871d2aed2664cdc02cfe3bdbcd1fe86ba1015e84917287ffb41cad7778ec05670a476fcf245a6d67b74df25c524617ac044e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
78KB

MD5
b7efd3d4f66b71c468cf86868b2eb8dd

SHA1
c1012af45f8e4479fd54d9095395e6aa552f4093

SHA256
92ba2fdf85606ccac9d214ee85c4d6c1e9d27020a74111ff2c7a1c2d7a5e1c97

SHA512
b5d84af4ef0411f00697b7d3787935354d99bc80a597fc3c5514a752d0b9caeacc26edf0e32b92d4150d0d5384b7f1b4a0b8ab76d9fe497582aed35c6354b1d7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
79KB

MD5
d23312f682753535ab19301319d45d4c

SHA1
0b818038618380223f526b81a77da369c0dcf073

SHA256
3600fb76ef593cc9c82b5151f8fa74701c8f87e4c4b74bf8b63c1fac9550aafa

SHA512
1439c4a4f16e32da325cb112b43ae82d153e194ed04e70acd9433f3874e9c7016d3160c0c89dcc50696da77b54bd7a86ebc783733cf61a79ea46fb15109c7694

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
167KB

MD5
d5ca32d796f1dc66060fbde918d0defd

SHA1
4ce9488b171a77edfc5b3ac7a4a49521dd9cc974

SHA256
cfa9b7a8175d3e089c9a75b1219ebec5b441b9e58ba5fe7f8a32c5da4a308619

SHA512
d3583db15babf2976c83b018003235cdd215b2e38f4e936a804a41c41cb931add57e7468c744d0b215fc9ea180a9cbb2095a90ec2f38eb0c44c45d0b81780ff7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
79KB

MD5
2e941b908ba1f8216aea75e2998a3c9a

SHA1
0adebbe8e6e43fc1ba4e8cad731755b72928904c

SHA256
6c7e70bf3a090806cb21629e173ca5c5200c33ca3741717eb28181493ed277b5

SHA512
8c8d813cc1a1c3680c508b977b8ce75c6e87e4797d84663ff1297b4ae0199662ab687756808baeaa657e648dccd8d2ce483cdf4d837788941ae11dd29a420031

Download Submit