hxxps://steamcommunitn[.]com/10598432090961

Analysis

max time kernel
103s
max time network
108s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
09-04-2024 14:47

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

https://steamcommunitn.com/10598432090961

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 17 IoCs

Processes:

chrome.exeLogonUI.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292311040"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "221"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4288567808"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89"	LogonUI.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133571476934191333"	chrome.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent	LogonUI.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = a6d8ff0076b9ed00429ce3000078d700005a9e000042750000264200f7630c00	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292311040"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365271"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365271"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1"	LogonUI.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

chrome.exe

pid process

1432 chrome.exe
1432 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

Processes:

chrome.exe

pid process

1432 chrome.exe
1432 chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeCreatePagefilePrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeCreatePagefilePrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeCreatePagefilePrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeCreatePagefilePrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeCreatePagefilePrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeCreatePagefilePrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeCreatePagefilePrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeCreatePagefilePrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeCreatePagefilePrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeCreatePagefilePrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeCreatePagefilePrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeCreatePagefilePrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeCreatePagefilePrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeCreatePagefilePrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeCreatePagefilePrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeCreatePagefilePrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeCreatePagefilePrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeCreatePagefilePrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeCreatePagefilePrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeCreatePagefilePrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeCreatePagefilePrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeCreatePagefilePrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeCreatePagefilePrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeCreatePagefilePrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeCreatePagefilePrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeCreatePagefilePrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeCreatePagefilePrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeCreatePagefilePrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeCreatePagefilePrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeCreatePagefilePrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeCreatePagefilePrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeCreatePagefilePrivilege	1432	chrome.exe

Suspicious use of FindShellTrayWindow 27 IoCs

Processes:

chrome.exe

pid	process
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

LogonUI.exe

pid process

3036 LogonUI.exe

pid	process
3036	LogonUI.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 1432 wrote to memory of 440	1432	chrome.exe	chrome.exe
PID 1432 wrote to memory of 440	1432	chrome.exe	chrome.exe
PID 1432 wrote to memory of 1112	1432	chrome.exe	chrome.exe
PID 1432 wrote to memory of 1112	1432	chrome.exe	chrome.exe
PID 1432 wrote to memory of 1112	1432	chrome.exe	chrome.exe
PID 1432 wrote to memory of 1112	1432	chrome.exe	chrome.exe
PID 1432 wrote to memory of 1112	1432	chrome.exe	chrome.exe
PID 1432 wrote to memory of 1112	1432	chrome.exe	chrome.exe
PID 1432 wrote to memory of 1112	1432	chrome.exe	chrome.exe
PID 1432 wrote to memory of 1112	1432	chrome.exe	chrome.exe
PID 1432 wrote to memory of 1112	1432	chrome.exe	chrome.exe
PID 1432 wrote to memory of 1112	1432	chrome.exe	chrome.exe
PID 1432 wrote to memory of 1112	1432	chrome.exe	chrome.exe
PID 1432 wrote to memory of 1112	1432	chrome.exe	chrome.exe
PID 1432 wrote to memory of 1112	1432	chrome.exe	chrome.exe
PID 1432 wrote to memory of 1112	1432	chrome.exe	chrome.exe
PID 1432 wrote to memory of 1112	1432	chrome.exe	chrome.exe
PID 1432 wrote to memory of 1112	1432	chrome.exe	chrome.exe
PID 1432 wrote to memory of 1112	1432	chrome.exe	chrome.exe
PID 1432 wrote to memory of 1112	1432	chrome.exe	chrome.exe
PID 1432 wrote to memory of 1112	1432	chrome.exe	chrome.exe
PID 1432 wrote to memory of 1112	1432	chrome.exe	chrome.exe
PID 1432 wrote to memory of 1112	1432	chrome.exe	chrome.exe
PID 1432 wrote to memory of 1112	1432	chrome.exe	chrome.exe
PID 1432 wrote to memory of 1112	1432	chrome.exe	chrome.exe
PID 1432 wrote to memory of 1112	1432	chrome.exe	chrome.exe
PID 1432 wrote to memory of 1112	1432	chrome.exe	chrome.exe
PID 1432 wrote to memory of 1112	1432	chrome.exe	chrome.exe
PID 1432 wrote to memory of 1112	1432	chrome.exe	chrome.exe
PID 1432 wrote to memory of 1112	1432	chrome.exe	chrome.exe
PID 1432 wrote to memory of 1112	1432	chrome.exe	chrome.exe
PID 1432 wrote to memory of 1112	1432	chrome.exe	chrome.exe
PID 1432 wrote to memory of 1112	1432	chrome.exe	chrome.exe
PID 1432 wrote to memory of 1112	1432	chrome.exe	chrome.exe
PID 1432 wrote to memory of 1112	1432	chrome.exe	chrome.exe
PID 1432 wrote to memory of 1112	1432	chrome.exe	chrome.exe
PID 1432 wrote to memory of 1112	1432	chrome.exe	chrome.exe
PID 1432 wrote to memory of 1112	1432	chrome.exe	chrome.exe
PID 1432 wrote to memory of 1112	1432	chrome.exe	chrome.exe
PID 1432 wrote to memory of 1112	1432	chrome.exe	chrome.exe
PID 1432 wrote to memory of 1636	1432	chrome.exe	chrome.exe
PID 1432 wrote to memory of 1636	1432	chrome.exe	chrome.exe
PID 1432 wrote to memory of 4052	1432	chrome.exe	chrome.exe
PID 1432 wrote to memory of 4052	1432	chrome.exe	chrome.exe
PID 1432 wrote to memory of 4052	1432	chrome.exe	chrome.exe
PID 1432 wrote to memory of 4052	1432	chrome.exe	chrome.exe
PID 1432 wrote to memory of 4052	1432	chrome.exe	chrome.exe
PID 1432 wrote to memory of 4052	1432	chrome.exe	chrome.exe
PID 1432 wrote to memory of 4052	1432	chrome.exe	chrome.exe
PID 1432 wrote to memory of 4052	1432	chrome.exe	chrome.exe
PID 1432 wrote to memory of 4052	1432	chrome.exe	chrome.exe
PID 1432 wrote to memory of 4052	1432	chrome.exe	chrome.exe
PID 1432 wrote to memory of 4052	1432	chrome.exe	chrome.exe
PID 1432 wrote to memory of 4052	1432	chrome.exe	chrome.exe
PID 1432 wrote to memory of 4052	1432	chrome.exe	chrome.exe
PID 1432 wrote to memory of 4052	1432	chrome.exe	chrome.exe
PID 1432 wrote to memory of 4052	1432	chrome.exe	chrome.exe
PID 1432 wrote to memory of 4052	1432	chrome.exe	chrome.exe
PID 1432 wrote to memory of 4052	1432	chrome.exe	chrome.exe
PID 1432 wrote to memory of 4052	1432	chrome.exe	chrome.exe
PID 1432 wrote to memory of 4052	1432	chrome.exe	chrome.exe
PID 1432 wrote to memory of 4052	1432	chrome.exe	chrome.exe
PID 1432 wrote to memory of 4052	1432	chrome.exe	chrome.exe
PID 1432 wrote to memory of 4052	1432	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://steamcommunitn.com/10598432090961
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1432

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe7ebc9758,0x7ffe7ebc9768,0x7ffe7ebc9778
2⤵
PID:440

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1764 --field-trial-handle=1900,i,17891164591403135767,6710743401526865429,131072 /prefetch:2
2⤵
PID:1112

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 --field-trial-handle=1900,i,17891164591403135767,6710743401526865429,131072 /prefetch:8
2⤵
PID:1636

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2204 --field-trial-handle=1900,i,17891164591403135767,6710743401526865429,131072 /prefetch:8
2⤵
PID:4052

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2932 --field-trial-handle=1900,i,17891164591403135767,6710743401526865429,131072 /prefetch:1
2⤵
PID:4048

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2940 --field-trial-handle=1900,i,17891164591403135767,6710743401526865429,131072 /prefetch:1
2⤵
PID:1376

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5300 --field-trial-handle=1900,i,17891164591403135767,6710743401526865429,131072 /prefetch:8
2⤵
PID:5016

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4928 --field-trial-handle=1900,i,17891164591403135767,6710743401526865429,131072 /prefetch:8
2⤵
PID:4984

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1816

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4076 --field-trial-handle=2280,i,11703952675008463361,17436195144517971517,262144 --variations-seed-version /prefetch:8
1⤵
PID:1132

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x4 /state0:0xa399d855 /state1:0x41c64e6d
1⤵
- Modifies data under HKEY_USERS
- Suspicious use of SetWindowsHookEx
PID:3036

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
456B

MD5
eaa105ef4108dfd4cf971fd54f3dec41

SHA1
cb5e516dc3a0b117f6125b8bacbad1d679795ca2

SHA256
bbab02fdfea9ccfe7985925376c3085e6cb09ac7b196be836f9a6e6b1e164959

SHA512
88a6148a8c2e76a0f7634306ffdd6a1a015eb2392579be6795288d57915c69e79492603e00b4e703b45af8b192762493d2d7b77128f3e00531080d03dafe6107

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
1KB

MD5
6d6e2fcfb8cc5010eb644d307c6c049c

SHA1
1f07ba900da3662f56aff312c2b8b295ff15828a

SHA256
3e3148d41f67ddd4a7b92ac4886f2f4116b65f4771a39a0639f76d9f39ed074f

SHA512
4c4bcb72f50d6ff88de603a5f0fe6926a1b653360d7775644fab5142e90c7ab7e400e4842afad9af632ff2d9be8cca69e9abd63932e115a6332ea8c5a89f4bdc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
873B

MD5
e8522a568ed7f10fdda9c2d7dd662824

SHA1
31b9c492a02a407f333f4e5c739e107e18f0ab68

SHA256
18ce786501a272b41ec766557cdbbbddbdae8c0da02d4b67de82216bf535292f

SHA512
c1c6e217f64fbe0cd020bfa56dcebbdce8a8dbd44ab4c1422ec5da18737343e924f4e0a51da6a3185d9f55c1fcc46ba1eeee7be416d32d3648aca7cd1cc1ec22

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
6caaedb1513a9bedefc8cf2532b8bd6a

SHA1
f96e6849c1b1d1788a9e8917700cae001a5ec524

SHA256
57b585f6d3363a155259364e1db1372ee0de4feb8892286f0119fc406d54ec13

SHA512
fb037cbf5996503509a800ad654aa1c0656a3080778c7cfbf134e58c29ec0ad43f0508accc42229d360bedf16a5521f2541fda19de5ad84377b506fa19610b06

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
5KB

MD5
7887b1b8456e26638324c819196ad75f

SHA1
23be642001608a6cc08f0ce6c2f82b198b89cf6c

SHA256
5b2f9c1266be8b2797687d9bb2e2c1a55e71e7c7843a5b985435fdd1a07415fa

SHA512
19d59b1ad53117f69af621ef0ab50c0b48a5b35ffd419d068ef7221bd5c9c36d56317c02b77df3d4a9d3bd73c1d0eabbc93fd33deb203fa07c9e3f04e21e4972

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
49020d05a4c7a4e605e1d7511def73dd

SHA1
b5faf25af340f3072cbdaf1a479f7023a6144544

SHA256
6968aa3d8f3eec5ac9a6303cf91be7290a0dbb0c4459c8fa49f143536c0213ec

SHA512
62af90f657f68562062ab99fab25a6fec0b2f59792791d0ef7844233ef84ccd7b121b403d7aaca81ccb94fe12ccc4a120f6714cf8e1719574968abb4f4f6fab2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
2af996c7f65092b98d18ffc8e4846591

SHA1
2356cc84bc8ea8de28ab0f37d6c54e26d8e86fb0

SHA256
4f5411356d82fda39b66635b16a54e31913a8c9434705ba759ffa19e3d569579

SHA512
ec7d0af1fc733a638ddaaea346e3413a4cdcfdb03a34b4ba62b09c7ea60644bb2525a1144bcb50e13b915ebcef9f21c7a09e62a170196b4bedcc66e03b07eabc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
128KB

MD5
0b62d6f14865e45e736d2b57aa91ca30

SHA1
c0f05920d77045c2c64fde99c4aae6cae694f6a3

SHA256
986f82f00fb572434322434289734614b5bb64dc1a44bd58235cbe94e0a256cd

SHA512
3503ecffe92de2d85883591844e508b76015a8ce3e9880c0f5824e45fe086c9aaae50c9ef4875cd039c658bb9606dfbcfc5a133a8c3eefb53570f0b45e2e94dc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
128KB

MD5
6d8297b8a2bf4abe33344efd09e721ac

SHA1
af2e5390de6db52636cdd7384eae3b5346cf9db7

SHA256
078245bceffaab6b31bde53eee7fd70cdbad259ca3fb00e4e581e3e23b9afcae

SHA512
7338ae15908ef9614a43e68a35d5af36956731a21e4a08a590eeff938343bed7c4cf40dc235f49576d4ddf8b3d0cf63bbd78fe7e0f0208baccae9fbabbb7af69

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1
Filesize
264KB

MD5
e0dfe4b62cf83bff476f6d8cf2cd961f

SHA1
93b8003579ad8b7f54aeff5e8e1b31019ba59f27

SHA256
884a4eb1257b1620e4844c40bf3cbd395b37306a5022336ad882e6eda1e2b277

SHA512
4c8e93efa8ed2d30cef39ecc3b72c492bd7e1dbb8aa50cf76f1fa7895493a900853f92b485d2b85f9e9034ff674d25c294026389e07f71bf7be4d97e54b626dd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic
Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
\??\pipe\crashpad_1432_APZFITBHMAGPWVJG
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit

Analysis

Sharing

Errors

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v13

Replay Monitor

Loading Replay Monitor...

Downloads