IOC Report
https://steamcommunilty.com/dota/promo

loading gif

Files

File Path
Type
Category
Malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Sun Sep 29 01:45:42 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Sun Sep 29 01:45:42 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 4 12:54:07 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Sun Sep 29 01:45:42 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Sun Sep 29 01:45:42 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Sun Sep 29 01:45:42 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
dropped
Chrome Cache Entry: 100
HTML document, ASCII text, with CRLF line terminators
dropped
Chrome Cache Entry: 101
Unicode text, UTF-8 text, with CRLF line terminators
downloaded
Chrome Cache Entry: 102
PNG image data, 500 x 500, 8-bit/color RGBA, non-interlaced
downloaded
Chrome Cache Entry: 103
ASCII text, with CRLF line terminators
dropped
Chrome Cache Entry: 104
ASCII text, with very long lines (1667), with CRLF, LF line terminators
downloaded
Chrome Cache Entry: 105
TrueType Font data, digitally signed, 18 tables, 1st "DSIG", 24 names, Macintosh, Copyright \251 2012, 2017, 2020 by Plau. All rights reserved.Motiva SansMedium4.015;Plau;MotivaS
downloaded
Chrome Cache Entry: 106
Web Open Font Format (Version 2), TrueType, length 29104, version 0.0
downloaded
Chrome Cache Entry: 107
PNG image data, 500 x 500, 8-bit/color RGBA, non-interlaced
dropped
Chrome Cache Entry: 108
PNG image data, 360 x 360, 8-bit colormap, non-interlaced
downloaded
Chrome Cache Entry: 109
ASCII text, with CRLF line terminators
downloaded
Chrome Cache Entry: 110
ASCII text, with very long lines (65451)
downloaded
Chrome Cache Entry: 111
TrueType Font data, digitally signed, 18 tables, 1st "DSIG", 24 names, Macintosh, Copyright \251 2012, 2017, 2020 by Plau. All rights reserved.Motiva SansLight4.015;Plau;MotivaSa
downloaded
Chrome Cache Entry: 112
HTML document, Unicode text, UTF-8 text, with very long lines (15528)
downloaded
Chrome Cache Entry: 113
JSON data
dropped
Chrome Cache Entry: 114
Unicode text, UTF-8 text, with CRLF line terminators
dropped
Chrome Cache Entry: 115
SVG Scalable Vector Graphics image
dropped
Chrome Cache Entry: 116
PNG image data, 19 x 12, 8-bit/color RGBA, non-interlaced
dropped
Chrome Cache Entry: 117
PNG image data, 19 x 12, 8-bit/color RGBA, non-interlaced
downloaded
Chrome Cache Entry: 118
ASCII text, with very long lines (65482), with CRLF line terminators
dropped
Chrome Cache Entry: 119
ASCII text, with CRLF line terminators
downloaded
Chrome Cache Entry: 120
ASCII text, with CRLF, LF line terminators
downloaded
Chrome Cache Entry: 121
Unicode text, UTF-8 text, with CRLF line terminators
downloaded
Chrome Cache Entry: 122
SVG Scalable Vector Graphics image
dropped
Chrome Cache Entry: 123
ASCII text, with very long lines (65482), with CRLF line terminators
downloaded
Chrome Cache Entry: 124
PNG image data, 244 x 212, 8-bit/color RGBA, non-interlaced
downloaded
Chrome Cache Entry: 125
ASCII text, with CRLF line terminators
dropped
Chrome Cache Entry: 126
PNG image data, 744 x 171, 8-bit/color RGBA, non-interlaced
downloaded
Chrome Cache Entry: 127
Unicode text, UTF-8 text, with very long lines (4458), with CRLF line terminators
dropped
Chrome Cache Entry: 128
PNG image data, 15 x 13, 8-bit/color RGBA, non-interlaced
downloaded
Chrome Cache Entry: 129
SVG Scalable Vector Graphics image
dropped
Chrome Cache Entry: 130
Unicode text, UTF-8 text, with very long lines (4458), with CRLF line terminators
downloaded
Chrome Cache Entry: 131
HTML document, Unicode text, UTF-8 text, with very long lines (2444)
downloaded
Chrome Cache Entry: 132
ASCII text, with CRLF, LF line terminators
downloaded
Chrome Cache Entry: 133
ASCII text, with no line terminators
downloaded
Chrome Cache Entry: 134
Unicode text, UTF-8 text, with very long lines (536), with CRLF line terminators
dropped
Chrome Cache Entry: 135
PNG image data, 744 x 171, 8-bit/color RGBA, non-interlaced
dropped
Chrome Cache Entry: 136
SVG Scalable Vector Graphics image
downloaded
Chrome Cache Entry: 137
ASCII text, with very long lines (1819), with CRLF, LF line terminators
downloaded
Chrome Cache Entry: 138
Unicode text, UTF-8 text, with CRLF line terminators
dropped
Chrome Cache Entry: 139
Unicode text, UTF-8 text, with very long lines (52909), with no line terminators
dropped
Chrome Cache Entry: 140
JSON data
downloaded
Chrome Cache Entry: 141
ASCII text, with CRLF line terminators
dropped
Chrome Cache Entry: 142
PNG image data, 92 x 26, 8-bit/color RGBA, non-interlaced
dropped
Chrome Cache Entry: 143
SVG Scalable Vector Graphics image
dropped
Chrome Cache Entry: 144
SVG Scalable Vector Graphics image
downloaded
Chrome Cache Entry: 145
SVG Scalable Vector Graphics image
downloaded
Chrome Cache Entry: 146
JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 21.1 (Windows), datetime=2020:06:30 16:20:58], baseline, precision 8, 1920x1108, components 3
downloaded
Chrome Cache Entry: 147
ASCII text, with very long lines (547)
downloaded
Chrome Cache Entry: 148
ASCII text, with very long lines (549), with CRLF line terminators
downloaded
Chrome Cache Entry: 149
PNG image data, 244 x 212, 8-bit/color RGBA, non-interlaced
dropped
Chrome Cache Entry: 150
ASCII text, with CRLF line terminators
downloaded
Chrome Cache Entry: 151
ASCII text, with very long lines (549), with CRLF line terminators
dropped
Chrome Cache Entry: 152
HTML document, ASCII text, with CRLF, CR line terminators
dropped
Chrome Cache Entry: 153
PNG image data, 92 x 26, 8-bit/color RGBA, non-interlaced
downloaded
Chrome Cache Entry: 154
ASCII text, with very long lines (65451)
dropped
Chrome Cache Entry: 155
TrueType Font data, digitally signed, 18 tables, 1st "DSIG", 22 names, Macintosh, Copyright \251 2012, 2017, 2020 by Plau. All rights reserved.Motiva SansBold4.015;Plau;MotivaSan
downloaded
Chrome Cache Entry: 156
HTML document, ASCII text, with CRLF line terminators
downloaded
Chrome Cache Entry: 157
ASCII text, with very long lines (547)
dropped
Chrome Cache Entry: 158
Unicode text, UTF-8 text, with CRLF line terminators
downloaded
Chrome Cache Entry: 159
PNG image data, 360 x 360, 8-bit colormap, non-interlaced
dropped
Chrome Cache Entry: 160
TrueType Font data, digitally signed, 18 tables, 1st "DSIG", 24 names, Macintosh, Copyright \251 2012, 2017, 2020 by Plau. All rights reserved.Motiva SansThin4.015;Plau;MotivaSan
downloaded
Chrome Cache Entry: 161
SVG Scalable Vector Graphics image
downloaded
Chrome Cache Entry: 162
Unicode text, UTF-8 text, with very long lines (52909), with no line terminators
downloaded
Chrome Cache Entry: 163
ASCII text, with CRLF line terminators
downloaded
Chrome Cache Entry: 164
Unicode text, UTF-8 text, with very long lines (536), with CRLF line terminators
downloaded
Chrome Cache Entry: 165
TrueType Font data, digitally signed, 18 tables, 1st "DSIG", 22 names, Macintosh, Copyright \251 2012, 2017, 2020 by Plau. All rights reserved.Motiva SansRegular4.015;Plau;Motiva
downloaded
Chrome Cache Entry: 97
ASCII text, with CRLF line terminators
downloaded
Chrome Cache Entry: 98
PNG image data, 15 x 13, 8-bit/color RGBA, non-interlaced
dropped
Chrome Cache Entry: 99
HTML document, ASCII text, with CRLF, CR line terminators
downloaded
There are 66 hidden files, click here to show them.

Processes

Path
Cmdline
Malicious
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2124 --field-trial-handle=2028,i,13519128570733382040,1250571849527623618,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://steamcommunilty.com/dota/promo"

URLs

Name
IP
Malicious
https://steamcommunilty.com/dota/promo
malicious
https://steamcommunilty.com/dota/promo
malicious
https://steamcommunity.com/chat/group/
unknown
https://cdn.cloudflare.steamstatic.com/store/about/icon-steamos.svg
104.18.42.105
http://api.jqueryui.com/slide-effect/
unknown
http://blogs.law.harvard.edu/ivan)
unknown
https://store.akamai.steamstatic.com/public/shared/fonts/MotivaSans-Medium.ttf?v=4.015
2.16.168.6
https://store.akamai.steamstatic.com/public/shared/images/ico/ico-deck-unknown.svg
unknown
https://store.steampowered.com/dynamicstore/userdata/?id=
unknown
https://store.akamai.steamstatic.com/public/shared/images/ico/ico-deck-verified.svg
unknown
https://store.akamai.steamstatic.com/public/shared/css/shared_responsive.css?v=cuGNP1dzetug&l=russian
2.16.168.6
https://cdn.akamai.steamstatic.com/store/about/icon-steamos.svg
unknown
https://store.akamai.steamstatic.com/public/shared/images/buttons/icons_16.png?v=5);
unknown
https://github.com/jquery/jquery-color
unknown
https://store.akamai.steamstatic.com/public/shared/css/shared_global.css?v=z199r3iqKbyb&l=russia
unknown
https://store.akamai.steamstatic.com/public/javascript/dynamicstore.js?v=lVaX0vVVmhcl&l=russian
unknown
http://api.jqueryui.com/jQuery.widget/
unknown
https://store.akamai.steamstatic.com/public/shared/images/community/levels_patterns_3-4.png?v=2
unknown
https://store.akamai.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png
2.16.168.6
https://store.akamai.steamstatic.com/public/shared/fonts/MotivaSans-Black.ttf?v=4.015
unknown
https://bugzilla.mozilla.org/show_bug.cgi?id=561664
unknown
https://store.akamai.steamstatic.com/public/shared/images/header/notification_bell.png
unknown
https://store.steampowered.com/tagdata/recommendedtags
unknown
https://store.akamai.steamstatic.com/public/shared/images/community/levels_airelement_1-2.png
unknown
https://store.akamai.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016
2.16.168.6
https://store.akamai.steamstatic.com/public/shared/images/community/levels_grunge_4.png?v=2
unknown
http://api.jqueryui.com/button/
unknown
https://store.akamai.steamstatic.com/public/javascript/dynamicstore.js?v=lVaX0vVVmhcl&l=russian
2.16.168.6
https://store.akamai.steamstatic.com/public/shared/fonts/MotivaSans-RegularItalic.ttf?v=4.015
unknown
https://store.akamai.steamstatic.com/public/shared/images/community/levels_halftone_2.png?v=2
unknown
https://cdn.akamai.steamstatic.com/store/promo/newstore2016/homepage_long_01.jpg?v=1);
unknown
https://store.akamai.steamstatic.com/public/shared/images/friendindicator_small.png
unknown
http://bugs.jquery.com/ticket/9917
unknown
http://api.jqueryui.com/size-effect/
unknown
https://steamcommunity.com/chat/friend/
unknown
https://store.akamai.steamstatic.com/public/javascript/about.js?v=T9HhtJ81mJgN&l=russian
unknown
https://steamcommunilty.com/bbbaf8e80a7536b97dbd999076245b70dc8dbc115424/fbb03415573020a0364b4616e1948978690f57de99d1.js
104.21.88.228
https://steamcommunity.com/chat/
unknown
https://store.akamai.steamstatic.com/public/shared/images/community/levels_hexagons.png
unknown
https://store.akamai.steamstatic.com/public/shared/css/motiva_sans.css?v=Rc2hpzg2Ex3T&l=russian
unknown
https://store.akamai.steamstatic.com/public/shared/images/responsive/local_menu_hamburger.png
unknown
https://store.akamai.steamstatic.com/public/shared/fonts/MotivaSans-BoldItalic.ttf?v=4.015
unknown
https://store.akamai.steamstatic.com/public/shared/images/ico/ico-deck-unsupported.svg
unknown
https://store.steampowered.com/dynamicstore/saledata/?cc=BY
95.101.149.47
http://api.jqueryui.com/category/ui-core/
unknown
https://cdn.steamstatic.com/steamcommunity/public/images/items/570/f63da4d6ef68e93e799ca1d67f6d345f0aa124bd.jpg
2.16.238.20
https://store.akamai.steamstatic.com/public/css/styles_about.css?v=i6LprAjCXlha&l=russian
unknown
https://store.akamai.steamstatic.com/public/shared/images/community/levels_space.png
unknown
https://store.akamai.steamstatic.com/public/shared/javascript/tooltip.js?v=.zYHOpI1L3Rt0
2.16.168.6
https://store.akamai.steamstatic.com/public/shared/images/community/levels_grunge_1.png?v=2
unknown
https://store.steampowered.com/freelicense/addfreelicense/
unknown
https://store.akamai.steamstatic.com/public/css/styles_about.css?v=i6LprAjCXlha&l=russian
2.16.168.6
https://store.steampowered.com/friends/recommendgame
unknown
https://store.steampowered.com/tag/ru/
unknown
https://store.akamai.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v=cxQV9f417bc5&l=russian
2.16.168.6
https://store.steampowered.com/account/setlanguage/
unknown
https://cdn.akamai.steamstatic.com/store/about/icon-chromeos.svg
unknown
https://steam.tv/parental/ajaxlock
unknown
https://store.akamai.steamstatic.com/public/shared/images/community/levels_patterns_7-8.png?v=2
unknown
https://store.akamai.steamstatic.com/public/css/promo/newstore2016.css?v=Lv_hriLyrQ5z&l=russian
unknown
https://store.akamai.steamstatic.com/public/shared/javascript/jquery-1.8.3.min.js?v=.TZ2NKhB-nliU
2.16.168.6
http://api.jqueryui.com/transfer-effect/
unknown
https://store.steampowered.com/bundle/
unknown
http://www.youworkforthem.com/designer/293/niramekko
unknown
http://www.robertpenner.com/easing)
unknown
https://store.akamai.steamstatic.com/public/shared/images/community/levels_flag.png
unknown
https://store.akamai.steamstatic.com/public/shared/images/community/levels_geo_9-10.png?v=2
unknown
https://store.akamai.steamstatic.com/public/shared/images/header/inbox_moderator_message.png
unknown
https://store.akamai.steamstatic.com/public/shared/fonts/MotivaSans-Bold.ttf?v=4.015
2.16.168.6
https://store.akamai.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=Me1IBxzktiwk&l=russian&load=effects,controls,slider
2.16.168.6
https://store.akamai.steamstatic.com/public/shared/fonts/MotivaSans-Regular.ttf?v=4.015
2.16.168.6
https://community.akamai.steamstatic.com/
unknown
https://store.akamai.steamstatic.com/public/shared/images/community/levels_earthelement.png
unknown
http://api.jqueryui.com/drop-effect/
unknown
https://store.akamai.steamstatic.com/public/shared/images/header/inbox_icons_sprite.png
unknown
http://diveintomark.org/)
unknown
https://store.akamai.steamstatic.com/public/shared/css/shared_responsive.css?v=cuGNP1dzetug&l=ru
unknown
https://store.steampowered.com/cart/
unknown
https://store.akamai.steamstatic.com/public/shared/images/community/levels_airelement_3-4.png
unknown
https://cdn.cloudflare.steamstatic.com/store/about/icon-macos.svg
104.18.42.105
https://store.akamai.steamstatic.com/public/css/slick/slick.css?v=ZSVHTEnT3WNW&l=russian
2.16.168.6
https://store.akamai.steamstatic.com/public/shared/images/community/levels_grunge_2.png?v=2
unknown
http://api.jqueryui.com/menu/
unknown
https://store.akamai.steamstatic.com/public/shared/images/community/levels_geo_7-8.png?v=2
unknown
https://store.akamai.steamstatic.com/public/shared/images/community/levels_shapes_3.png?v=2
unknown
https://store.akamai.steamstatic.com/public/shared/images/community/levels_waterelement.png
unknown
http://api.jqueryui.com/category/effects-core/
unknown
http://bugs.jquery.com/ticket/8235
unknown
https://store.akamai.steamstatic.com/public/javascript/slick/slick.js?v=.UvbXNQdQm-AJ
2.16.168.6
https://store.akamai.steamstatic.com/public/shared/images/popups/btn_arrow_down_padded.png
2.16.168.6
https://cdn.akamai.steamstatic.com/store/promo/newstore2016/header_background.jpg
unknown
https://steamcommunilty.com/76182f5879575000575d454111037666104679772906.woff2
104.21.88.228
http://api.jqueryui.com/dialog/
unknown
https://cdn.akamai.steamstatic.com/store/promo/summer2020/tiling_orange.png?v=2
unknown
https://a.nel.cloudflare.com/report/v4?s=w%2FB4ZQR0cfJrd7NuxGrmrOMV14Db0j15yFNDYoZ1hNZecGF69Ia4FgD1GcbybyceWKiAJGRNKJYRYlxMF49mhEgHrHCVl24HNTShgJyLFrpx06bro6IjSZkuvcttf%2BgBtDoB4NZg
35.190.80.1
https://store.steampowered.com/search/smallcapscroll
unknown
https://help.steampowered.com/ru/wizard/HelpWithLimitedAccount
unknown
https://cdn.cloudflare.steamstatic.com/store/about/icon-chromeos.svg
104.18.42.105
https://store.akamai.steamstatic.com/public/shared/images/community/levels_chevrons.png
unknown
https://store.akamai.steamstatic.com/public/shared/images/community/levels_spiro_9-10.png?v=2
unknown
http://www.youworkforthem.com/product.php?sku=T2982
unknown
There are 90 hidden URLs, click here to show them.

Domains

Name
IP
Malicious
cdn.steamstatic.com
2.16.238.20
bg.microsoft.map.fastly.net
199.232.214.172
a.nel.cloudflare.com
35.190.80.1
code.jquery.com
151.101.66.137
store.steampowered.com
95.101.149.47
cdnjs.cloudflare.com
104.17.24.14
steamcommunilty.com
104.21.88.228
www.google.com
216.58.206.36
store.akamai.steamstatic.com
2.16.168.6
cdn.cloudflare.steamstatic.com
104.18.42.105
fp2e7a.wpc.phicdn.net
192.229.221.95
i.ibb.co
169.197.85.95
There are 2 hidden domains, click here to show them.

IPs

IP
Domain
Country
Malicious
2.16.238.157
unknown
European Union
192.168.2.4
unknown
unknown
216.58.206.36
www.google.com
United States
192.168.2.5
unknown
unknown
172.64.145.151
unknown
United States
151.101.66.137
code.jquery.com
United States
35.190.80.1
a.nel.cloudflare.com
United States
169.197.85.95
i.ibb.co
United States
104.17.24.14
cdnjs.cloudflare.com
United States
104.18.42.105
cdn.cloudflare.steamstatic.com
United States
142.250.186.36
unknown
United States
2.16.238.20
cdn.steamstatic.com
European Union
162.19.58.158
unknown
United States
172.67.153.181
unknown
United States
239.255.255.250
unknown
Reserved
95.101.149.47
store.steampowered.com
European Union
2.16.168.6
store.akamai.steamstatic.com
European Union
104.21.88.228
steamcommunilty.com
United States
104.17.25.14
unknown
United States
There are 9 hidden IPs, click here to show them.

DOM / HTML

URL
Malicious
https://steamcommunilty.com/dota/promo
https://steamcommunilty.com/dota/promo
https://steamcommunilty.com/dota/promo
https://steamcommunilty.com/dota/promo
https://steamcommunilty.com/dota/promo
https://steamcommunilty.com/dota/promo