hxxps://steamcomunnutiy[.]com/gift/activation/feor37569hFvrba6

Analysis

max time kernel
150s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
26-02-2024 22:10

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

https://steamcomunnutiy.com/gift/activation/feor37569hFvrba6

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 16 IoCs

Processes:

LogonUI.exechrome.exe

description	ioc	process
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "54"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1"	LogonUI.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent	LogonUI.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = a6d8ff0076b9ed00429ce3000078d700005a9e000042750000264200f7630c00	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292311040"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292311040"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4288567808"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365271"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365271"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1"	LogonUI.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

chrome.exechrome.exe

pid process

4856 chrome.exe
4856 chrome.exe
2204 chrome.exe
2204 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

Processes:

chrome.exe

pid process

4856 chrome.exe
4856 chrome.exe
4856 chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	4856	chrome.exe
Token: SeCreatePagefilePrivilege	4856	chrome.exe
Token: SeShutdownPrivilege	4856	chrome.exe
Token: SeCreatePagefilePrivilege	4856	chrome.exe
Token: SeShutdownPrivilege	4856	chrome.exe
Token: SeCreatePagefilePrivilege	4856	chrome.exe
Token: SeShutdownPrivilege	4856	chrome.exe
Token: SeCreatePagefilePrivilege	4856	chrome.exe
Token: SeShutdownPrivilege	4856	chrome.exe
Token: SeCreatePagefilePrivilege	4856	chrome.exe
Token: SeShutdownPrivilege	4856	chrome.exe
Token: SeCreatePagefilePrivilege	4856	chrome.exe
Token: SeShutdownPrivilege	4856	chrome.exe
Token: SeCreatePagefilePrivilege	4856	chrome.exe
Token: SeShutdownPrivilege	4856	chrome.exe
Token: SeCreatePagefilePrivilege	4856	chrome.exe
Token: SeShutdownPrivilege	4856	chrome.exe
Token: SeCreatePagefilePrivilege	4856	chrome.exe
Token: SeShutdownPrivilege	4856	chrome.exe
Token: SeCreatePagefilePrivilege	4856	chrome.exe
Token: SeShutdownPrivilege	4856	chrome.exe
Token: SeCreatePagefilePrivilege	4856	chrome.exe
Token: SeShutdownPrivilege	4856	chrome.exe
Token: SeCreatePagefilePrivilege	4856	chrome.exe
Token: SeShutdownPrivilege	4856	chrome.exe
Token: SeCreatePagefilePrivilege	4856	chrome.exe
Token: SeShutdownPrivilege	4856	chrome.exe
Token: SeCreatePagefilePrivilege	4856	chrome.exe
Token: SeShutdownPrivilege	4856	chrome.exe
Token: SeCreatePagefilePrivilege	4856	chrome.exe
Token: SeShutdownPrivilege	4856	chrome.exe
Token: SeCreatePagefilePrivilege	4856	chrome.exe
Token: SeShutdownPrivilege	4856	chrome.exe
Token: SeCreatePagefilePrivilege	4856	chrome.exe
Token: SeShutdownPrivilege	4856	chrome.exe
Token: SeCreatePagefilePrivilege	4856	chrome.exe
Token: SeShutdownPrivilege	4856	chrome.exe
Token: SeCreatePagefilePrivilege	4856	chrome.exe
Token: SeShutdownPrivilege	4856	chrome.exe
Token: SeCreatePagefilePrivilege	4856	chrome.exe
Token: SeShutdownPrivilege	4856	chrome.exe
Token: SeCreatePagefilePrivilege	4856	chrome.exe
Token: SeShutdownPrivilege	4856	chrome.exe
Token: SeCreatePagefilePrivilege	4856	chrome.exe
Token: SeShutdownPrivilege	4856	chrome.exe
Token: SeCreatePagefilePrivilege	4856	chrome.exe
Token: SeShutdownPrivilege	4856	chrome.exe
Token: SeCreatePagefilePrivilege	4856	chrome.exe
Token: SeShutdownPrivilege	4856	chrome.exe
Token: SeCreatePagefilePrivilege	4856	chrome.exe
Token: SeShutdownPrivilege	4856	chrome.exe
Token: SeCreatePagefilePrivilege	4856	chrome.exe
Token: SeShutdownPrivilege	4856	chrome.exe
Token: SeCreatePagefilePrivilege	4856	chrome.exe
Token: SeShutdownPrivilege	4856	chrome.exe
Token: SeCreatePagefilePrivilege	4856	chrome.exe
Token: SeShutdownPrivilege	4856	chrome.exe
Token: SeCreatePagefilePrivilege	4856	chrome.exe
Token: SeShutdownPrivilege	4856	chrome.exe
Token: SeCreatePagefilePrivilege	4856	chrome.exe
Token: SeShutdownPrivilege	4856	chrome.exe
Token: SeCreatePagefilePrivilege	4856	chrome.exe
Token: SeShutdownPrivilege	4856	chrome.exe
Token: SeCreatePagefilePrivilege	4856	chrome.exe

Suspicious use of FindShellTrayWindow 27 IoCs

Processes:

chrome.exe

pid	process
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

LogonUI.exe

pid process

1324 LogonUI.exe

pid	process
1324	LogonUI.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 4856 wrote to memory of 2524	4856	chrome.exe	chrome.exe
PID 4856 wrote to memory of 2524	4856	chrome.exe	chrome.exe
PID 4856 wrote to memory of 3552	4856	chrome.exe	chrome.exe
PID 4856 wrote to memory of 3552	4856	chrome.exe	chrome.exe
PID 4856 wrote to memory of 3552	4856	chrome.exe	chrome.exe
PID 4856 wrote to memory of 3552	4856	chrome.exe	chrome.exe
PID 4856 wrote to memory of 3552	4856	chrome.exe	chrome.exe
PID 4856 wrote to memory of 3552	4856	chrome.exe	chrome.exe
PID 4856 wrote to memory of 3552	4856	chrome.exe	chrome.exe
PID 4856 wrote to memory of 3552	4856	chrome.exe	chrome.exe
PID 4856 wrote to memory of 3552	4856	chrome.exe	chrome.exe
PID 4856 wrote to memory of 3552	4856	chrome.exe	chrome.exe
PID 4856 wrote to memory of 3552	4856	chrome.exe	chrome.exe
PID 4856 wrote to memory of 3552	4856	chrome.exe	chrome.exe
PID 4856 wrote to memory of 3552	4856	chrome.exe	chrome.exe
PID 4856 wrote to memory of 3552	4856	chrome.exe	chrome.exe
PID 4856 wrote to memory of 3552	4856	chrome.exe	chrome.exe
PID 4856 wrote to memory of 3552	4856	chrome.exe	chrome.exe
PID 4856 wrote to memory of 3552	4856	chrome.exe	chrome.exe
PID 4856 wrote to memory of 3552	4856	chrome.exe	chrome.exe
PID 4856 wrote to memory of 3552	4856	chrome.exe	chrome.exe
PID 4856 wrote to memory of 3552	4856	chrome.exe	chrome.exe
PID 4856 wrote to memory of 3552	4856	chrome.exe	chrome.exe
PID 4856 wrote to memory of 3552	4856	chrome.exe	chrome.exe
PID 4856 wrote to memory of 3552	4856	chrome.exe	chrome.exe
PID 4856 wrote to memory of 3552	4856	chrome.exe	chrome.exe
PID 4856 wrote to memory of 3552	4856	chrome.exe	chrome.exe
PID 4856 wrote to memory of 3552	4856	chrome.exe	chrome.exe
PID 4856 wrote to memory of 3552	4856	chrome.exe	chrome.exe
PID 4856 wrote to memory of 3552	4856	chrome.exe	chrome.exe
PID 4856 wrote to memory of 3552	4856	chrome.exe	chrome.exe
PID 4856 wrote to memory of 3552	4856	chrome.exe	chrome.exe
PID 4856 wrote to memory of 3552	4856	chrome.exe	chrome.exe
PID 4856 wrote to memory of 3552	4856	chrome.exe	chrome.exe
PID 4856 wrote to memory of 3552	4856	chrome.exe	chrome.exe
PID 4856 wrote to memory of 3552	4856	chrome.exe	chrome.exe
PID 4856 wrote to memory of 3552	4856	chrome.exe	chrome.exe
PID 4856 wrote to memory of 3552	4856	chrome.exe	chrome.exe
PID 4856 wrote to memory of 3552	4856	chrome.exe	chrome.exe
PID 4856 wrote to memory of 3552	4856	chrome.exe	chrome.exe
PID 4856 wrote to memory of 208	4856	chrome.exe	chrome.exe
PID 4856 wrote to memory of 208	4856	chrome.exe	chrome.exe
PID 4856 wrote to memory of 1432	4856	chrome.exe	chrome.exe
PID 4856 wrote to memory of 1432	4856	chrome.exe	chrome.exe
PID 4856 wrote to memory of 1432	4856	chrome.exe	chrome.exe
PID 4856 wrote to memory of 1432	4856	chrome.exe	chrome.exe
PID 4856 wrote to memory of 1432	4856	chrome.exe	chrome.exe
PID 4856 wrote to memory of 1432	4856	chrome.exe	chrome.exe
PID 4856 wrote to memory of 1432	4856	chrome.exe	chrome.exe
PID 4856 wrote to memory of 1432	4856	chrome.exe	chrome.exe
PID 4856 wrote to memory of 1432	4856	chrome.exe	chrome.exe
PID 4856 wrote to memory of 1432	4856	chrome.exe	chrome.exe
PID 4856 wrote to memory of 1432	4856	chrome.exe	chrome.exe
PID 4856 wrote to memory of 1432	4856	chrome.exe	chrome.exe
PID 4856 wrote to memory of 1432	4856	chrome.exe	chrome.exe
PID 4856 wrote to memory of 1432	4856	chrome.exe	chrome.exe
PID 4856 wrote to memory of 1432	4856	chrome.exe	chrome.exe
PID 4856 wrote to memory of 1432	4856	chrome.exe	chrome.exe
PID 4856 wrote to memory of 1432	4856	chrome.exe	chrome.exe
PID 4856 wrote to memory of 1432	4856	chrome.exe	chrome.exe
PID 4856 wrote to memory of 1432	4856	chrome.exe	chrome.exe
PID 4856 wrote to memory of 1432	4856	chrome.exe	chrome.exe
PID 4856 wrote to memory of 1432	4856	chrome.exe	chrome.exe
PID 4856 wrote to memory of 1432	4856	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://steamcomunnutiy.com/gift/activation/feor37569hFvrba6
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4856

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc40c69758,0x7ffc40c69768,0x7ffc40c69778
2⤵
PID:2524

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1644 --field-trial-handle=1840,i,7069653227822771328,5691650643082315715,131072 /prefetch:2
2⤵
PID:3552

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2136 --field-trial-handle=1840,i,7069653227822771328,5691650643082315715,131072 /prefetch:8
2⤵
PID:208

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2224 --field-trial-handle=1840,i,7069653227822771328,5691650643082315715,131072 /prefetch:8
2⤵
PID:1432

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2744 --field-trial-handle=1840,i,7069653227822771328,5691650643082315715,131072 /prefetch:1
2⤵
PID:4984

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2752 --field-trial-handle=1840,i,7069653227822771328,5691650643082315715,131072 /prefetch:1
2⤵
PID:4612

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5368 --field-trial-handle=1840,i,7069653227822771328,5691650643082315715,131072 /prefetch:8
2⤵
PID:1832

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4980 --field-trial-handle=1840,i,7069653227822771328,5691650643082315715,131072 /prefetch:8
2⤵
PID:4036

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1592 --field-trial-handle=1840,i,7069653227822771328,5691650643082315715,131072 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2204

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=5520 --field-trial-handle=1840,i,7069653227822771328,5691650643082315715,131072 /prefetch:1
2⤵
PID:2616

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3112

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x4 /state0:0xa3947855 /state1:0x41c64e6d
1⤵
- Modifies data under HKEY_USERS
- Suspicious use of SetWindowsHookEx
PID:1324

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000023
Filesize
119KB

MD5
57613e143ff3dae10f282e84a066de28

SHA1
88756cc8c6db645b5f20aa17b14feefb4411c25f

SHA256
19b8db163bcc51732457efa40911b4a422f297ff3cd566467d87eab93cef0c14

SHA512
94f045e71b9276944609ca69fc4b8704e4447f9b0fc2b80789cc012235895c50ef9ecb781a3ed901a0c989bed26caa37d4d4a9baffcce2cb19606dbb16a17176

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000025
Filesize
121KB

MD5
2d64caa5ecbf5e42cbb766ca4d85e90e

SHA1
147420abceb4a7fd7e486dddcfe68cda7ebb3a18

SHA256
045b433f94502cfa873a39e72d616c73ec1b4c567b7ee0f847f442651683791f

SHA512
c96556ec57dac504919e806c7df536c4f86892b8525739289b2f2dbbf475de883a4824069dbdd4bb1770dd484f321563a00892e6c79d48818a4b95406bf1af96

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
1KB

MD5
c96dd7282272cccd52f96dbdd48e0560

SHA1
ee6c68a8f5944920c7af3d26eb3b9ded7236f0d1

SHA256
095ae708f6ac99c8320c66edb50ec183af724f4871ffe9e9edb2aac0df2cf713

SHA512
71359fba5d0ee72513f27f4112d30e5c6424b276c5db6ebfbb526290e2e10405393689ca534fd4d710e1303bc670cbb2bece6661db1a03948751cecfe340cfec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
480B

MD5
7928b75f19ce6c06b591d4ae9670d4a7

SHA1
95b9e97f13a729bf886336f7d8d709ed14ba4d24

SHA256
1bf0b909315fc5bcf46a4575ebe1ecf986dd54e75f6d2ce93277210741bceb95

SHA512
80a2526c75885db4696fb09e5b68ca3c0476b673d3c5d0bcacef6a6d510898f4792de0bc2afb0dc3cc2ce2b2bdc3adb766d6a3d43b4bb72a9ea466f49092c372

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1
Filesize
264KB

MD5
08b9881ac592318e1cae389b403e8fef

SHA1
cf804279b25343901f8618ddc82c92813a2c12cb

SHA256
2a2a182cd72556f4cd90f3bb38cde8963a8e0ebd754c38ffb6adf31f6c20bb92

SHA512
60a9983235661088c31b420c4b321841606285c4a0c4eadb1694e9bb706c68a9a0cb97b42ede01d3d7a79707d8fec6e370e029f743952294feac98581484e943

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
1KB

MD5
fa7e8c7aec60ce3cedf06a7768810a13

SHA1
69e8e5938c3f2ec5b094c6868e073584b338bd11

SHA256
1320640860502a8d0cce69547142601eb406054437f3ba3a8c567b3d748e7c52

SHA512
8b4382234354c379e7797ed374d610ff837bb88839a1473832734211f5a34505a1398ae6bb0826a1d21861b8a9257119e3199e9ba83f101ad32d8c98116be988

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
2KB

MD5
4b5e2b2ed2c16c71126fe9d40f5d6a20

SHA1
25071be41bf3758b85c9f03ed1bfc346e96d8e86

SHA256
fb136199c45166f27104712e25972e94a0f9711c5ce3fc29ee9a6bd40e1a030a

SHA512
eff402e5eec9441e1019e6d5c9aca6409db64d30df871f57bd4299c3dbdd56a59a7e4120a30e6e73be6b58ce8c073bd93e4d980d014981fc256d3b023566cd6b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
872B

MD5
ca71ee55cb73dca69b94e70636b7902e

SHA1
6949d45342972f0ebad86e48d10d5fda13073945

SHA256
79b0e7976b409ca193de2dc13a72febf43edcf1101dafe310d74851552183662

SHA512
1e5ae9b53598fd952272461a0d867c6cbffb9c7425b5ec817673155ff12a639a342e80dfdeebc7e903e858e7466bad167aa1acd92d077671559f3ff5aabf9bcd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
dbe8f66a5401bbd05d615c09757fb59d

SHA1
207ff825d9bd1656de6b5bc7c070f6cd003e9746

SHA256
ebeac9a0203f6294d84d6cf0bb9eac72c80922a46ce528723b19ccc260fb6b9b

SHA512
4e4de088ec73c656783bf68174ac01a72ea22783f0cf58360c72eb9028597c08314f4c656ff43c2dc91da0e3611dd7e28d2e801512054b16fd6ec76512b58241

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
6ba2516c939fbb8098eb62ede5c52406

SHA1
5a096c44ca00372c5ddffb08622b89571612af9a

SHA256
55567ebad0078677ec4012901c82a5e5503c59f32ca7511d5014f61d36e5cc16

SHA512
eeb4b2e33ff4f3fd1da821786040d13d28675f1386251be67e1632c2910c9edd6e0b018a0ee04a79af4bc5e3a38421eca9f92bf3b0c522c6006f427861de68e8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
daf3d8b0fa919ffeb1a42c5ee3d2abe9

SHA1
629446e00a3d0b382b415272388dfebcffa262b9

SHA256
3581fcdcfc8ca60e770bf2139076269d3bf74eba973085bc4aab0e4ea3617e3b

SHA512
1c03c283fd0737c42f8e90ffe1d065b2ed795c0b7dbb8204e1dbf2e73f02cec1da13e405dd822c5b1204755309842dcfe48e35c74543f19e94562e0a00e0871e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
6846c3fb2e55c5b1bec99aca10d29914

SHA1
e83a5096523884ec83e2d77e534fcbbaf1ac046d

SHA256
f43f7ae0c54cd16c3b334e50a18e57b6dfb52a0e017e1f2b0255180fa6376e6d

SHA512
6079916e70d417fcba46ac6694de5b607c3d48cd719237e23cedcc6cac69438d70ff2eb6621a28c1ed4941903ba873e70d2897acefc894ad91a8d9891e80dbd6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
d8bd08189e36ea79fbf5fd72414e61c6

SHA1
455a7ac2f4611c04a254c5a938ba707e10846f0b

SHA256
82acb874f1be19d1aefef94b4e7dd41ffc6b86617cfb6d49a3157af886ba105e

SHA512
1c09914e300884400975798da374be93b7a80ccac7180ccb33f130a957a9502fd736f5b99917423e214d411e552432eef66400cb584cf0518ed890fac6b71e3d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
128KB

MD5
1ae7096f9350aea5906c4b9c773ce845

SHA1
44c125fb9573732138c65ecba63f26d61bc9decf

SHA256
1c15a6ed312676db0d680a59ca0bd2e74d9bcebea8a3f6fb838d44cd07fb95b8

SHA512
2a4ae56081ed91908413cfadb4741f097d17c4a8270b41a74ca0b9b9f6d5d891bde6c6e226ab372140a809cfc84484454ce8d2a8fa6b0dc3410c23391d30092c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
128KB

MD5
a607306cb0707207b0ab486c45209b7c

SHA1
8a60b4a86e93df0c4a3395f780a72548605ddbe4

SHA256
9b2ba1b1adf0ac88f665345709892cc47fef65a001d5e8749953d3ff1cc5241f

SHA512
029e862df4473e0f6f9c93000bc7eff66ac52c011e77f5a801290133f5d94df15de4dbd37aa28f1e9008666b00fa5ab74d6b9558bb0026f4e6db743d1b0e5d99

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
128KB

MD5
895a2f2d1b3b499ee1640f6a65667223

SHA1
77a06b41d78fbe2d4820349297cffb7463aac1d5

SHA256
d13f8a7a9987f67a8493b23bf6ff67fb2d5d5d1335c36f10d501cc7123b96ab7

SHA512
8b5400afbcce60ac347ae25aa6ace973d7fe27e77de3b86973bbf68d270ea24bf287d19c05c9d3448c8a1df33e893f03a19a77fefc148a734d4040950e1968b3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
\??\pipe\crashpad_4856_QNZPAFFYORPAJNSC
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit

Analysis

Sharing

Errors

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads