d3c040370700057aae02eb3237ea6819174369cf1e69b146f61ffc276f53ceea

Analysis

max time kernel
1762s
max time network
1129s
platform
windows11-21h2_x64
resource
win11-20240730-en
resource tags

arch:x64arch:x86image:win11-20240730-enlocale:en-usos:windows11-21h2-x64system
submitted
01-08-2024 22:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

httpscdn.discordapp.comattachments1.txt
Size

199B
MD5

9037d5bd3ae9c38ffd90f8d5b3af258a
SHA1

e52dc8a6f4c5afac9b675e26e5f73b9e63008825
SHA256

d3c040370700057aae02eb3237ea6819174369cf1e69b146f61ffc276f53ceea
SHA512

a0a16540ffed2264a5001906f37df7b221e04202672696e9e2a53e605c10dce4946c95c8554d9ea315426626f988ffd27e1c4c81ddd678e70de9f02a97c3b3ec

Score

5^/10

discovery

Malware Config

Signatures

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_01cf530faf2f1752\display.PNF	chrome.exe
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_01cf530faf2f1752\display.PNF	chrome.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133670256640891446"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 3 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1974522869-4251526421-3305193628-1000_Classes\Local Settings	cmd.exe
Key created	\REGISTRY\USER\S-1-5-21-1974522869-4251526421-3305193628-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1974522869-4251526421-3305193628-1000_Classes\Local Settings	OpenWith.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\DumpedLoadstringRequire.zip:Zone.Identifier	chrome.exe

Opens file in notepad (likely ransom note) 1 IoCs

ransomware

pid	Process
4500	NOTEPAD.EXE

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
3204	chrome.exe
3204	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
3204	chrome.exe
3204	chrome.exe
3204	chrome.exe
3204	chrome.exe
3204	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3204	chrome.exe
Token: SeCreatePagefilePrivilege	3204	chrome.exe
Token: SeShutdownPrivilege	3204	chrome.exe
Token: SeCreatePagefilePrivilege	3204	chrome.exe
Token: SeShutdownPrivilege	3204	chrome.exe
Token: SeCreatePagefilePrivilege	3204	chrome.exe
Token: SeShutdownPrivilege	3204	chrome.exe
Token: SeCreatePagefilePrivilege	3204	chrome.exe
Token: SeShutdownPrivilege	3204	chrome.exe
Token: SeCreatePagefilePrivilege	3204	chrome.exe
Token: SeShutdownPrivilege	3204	chrome.exe
Token: SeCreatePagefilePrivilege	3204	chrome.exe
Token: SeShutdownPrivilege	3204	chrome.exe
Token: SeCreatePagefilePrivilege	3204	chrome.exe
Token: SeShutdownPrivilege	3204	chrome.exe
Token: SeCreatePagefilePrivilege	3204	chrome.exe
Token: SeShutdownPrivilege	3204	chrome.exe
Token: SeCreatePagefilePrivilege	3204	chrome.exe
Token: SeShutdownPrivilege	3204	chrome.exe
Token: SeCreatePagefilePrivilege	3204	chrome.exe
Token: SeShutdownPrivilege	3204	chrome.exe
Token: SeCreatePagefilePrivilege	3204	chrome.exe
Token: SeShutdownPrivilege	3204	chrome.exe
Token: SeCreatePagefilePrivilege	3204	chrome.exe
Token: SeShutdownPrivilege	3204	chrome.exe
Token: SeCreatePagefilePrivilege	3204	chrome.exe
Token: SeShutdownPrivilege	3204	chrome.exe
Token: SeCreatePagefilePrivilege	3204	chrome.exe
Token: SeShutdownPrivilege	3204	chrome.exe
Token: SeCreatePagefilePrivilege	3204	chrome.exe
Token: SeShutdownPrivilege	3204	chrome.exe
Token: SeCreatePagefilePrivilege	3204	chrome.exe
Token: SeShutdownPrivilege	3204	chrome.exe
Token: SeCreatePagefilePrivilege	3204	chrome.exe
Token: SeShutdownPrivilege	3204	chrome.exe
Token: SeCreatePagefilePrivilege	3204	chrome.exe
Token: SeShutdownPrivilege	3204	chrome.exe
Token: SeCreatePagefilePrivilege	3204	chrome.exe
Token: SeShutdownPrivilege	3204	chrome.exe
Token: SeCreatePagefilePrivilege	3204	chrome.exe
Token: SeShutdownPrivilege	3204	chrome.exe
Token: SeCreatePagefilePrivilege	3204	chrome.exe
Token: SeShutdownPrivilege	3204	chrome.exe
Token: SeCreatePagefilePrivilege	3204	chrome.exe
Token: SeShutdownPrivilege	3204	chrome.exe
Token: SeCreatePagefilePrivilege	3204	chrome.exe
Token: SeShutdownPrivilege	3204	chrome.exe
Token: SeCreatePagefilePrivilege	3204	chrome.exe
Token: SeShutdownPrivilege	3204	chrome.exe
Token: SeCreatePagefilePrivilege	3204	chrome.exe
Token: SeShutdownPrivilege	3204	chrome.exe
Token: SeCreatePagefilePrivilege	3204	chrome.exe
Token: SeShutdownPrivilege	3204	chrome.exe
Token: SeCreatePagefilePrivilege	3204	chrome.exe
Token: SeShutdownPrivilege	3204	chrome.exe
Token: SeCreatePagefilePrivilege	3204	chrome.exe
Token: SeShutdownPrivilege	3204	chrome.exe
Token: SeCreatePagefilePrivilege	3204	chrome.exe
Token: SeShutdownPrivilege	3204	chrome.exe
Token: SeCreatePagefilePrivilege	3204	chrome.exe
Token: SeShutdownPrivilege	3204	chrome.exe
Token: SeCreatePagefilePrivilege	3204	chrome.exe
Token: SeShutdownPrivilege	3204	chrome.exe
Token: SeCreatePagefilePrivilege	3204	chrome.exe

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
3204	chrome.exe
3204	chrome.exe
3204	chrome.exe
3204	chrome.exe
3204	chrome.exe
3204	chrome.exe
3204	chrome.exe
3204	chrome.exe
3204	chrome.exe
3204	chrome.exe
3204	chrome.exe
3204	chrome.exe
3204	chrome.exe
3204	chrome.exe
3204	chrome.exe
3204	chrome.exe
3204	chrome.exe
3204	chrome.exe
3204	chrome.exe
3204	chrome.exe
3204	chrome.exe
3204	chrome.exe
3204	chrome.exe
3204	chrome.exe
3204	chrome.exe
3204	chrome.exe
3204	chrome.exe
3204	chrome.exe
3204	chrome.exe
3204	chrome.exe
3204	chrome.exe
3204	chrome.exe
3204	chrome.exe
3204	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
3204	chrome.exe
3204	chrome.exe
3204	chrome.exe
3204	chrome.exe
3204	chrome.exe
3204	chrome.exe
3204	chrome.exe
3204	chrome.exe
3204	chrome.exe
3204	chrome.exe
3204	chrome.exe
3204	chrome.exe

Suspicious use of SetWindowsHookEx 25 IoCs

pid	Process
2876	OpenWith.exe
2876	OpenWith.exe
2876	OpenWith.exe
2876	OpenWith.exe
2876	OpenWith.exe
2876	OpenWith.exe
2876	OpenWith.exe
2876	OpenWith.exe
2876	OpenWith.exe
2876	OpenWith.exe
2876	OpenWith.exe
2876	OpenWith.exe
2876	OpenWith.exe
2876	OpenWith.exe
2876	OpenWith.exe
2876	OpenWith.exe
2876	OpenWith.exe
2876	OpenWith.exe
2876	OpenWith.exe
2876	OpenWith.exe
2876	OpenWith.exe
2876	OpenWith.exe
2876	OpenWith.exe
2876	OpenWith.exe
2876	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4172 wrote to memory of 4500	4172	cmd.exe	82
PID 4172 wrote to memory of 4500	4172	cmd.exe	82
PID 3204 wrote to memory of 1332	3204	chrome.exe	90
PID 3204 wrote to memory of 1332	3204	chrome.exe	90
PID 3204 wrote to memory of 5084	3204	chrome.exe	91
PID 3204 wrote to memory of 5084	3204	chrome.exe	91
PID 3204 wrote to memory of 5084	3204	chrome.exe	91
PID 3204 wrote to memory of 5084	3204	chrome.exe	91
PID 3204 wrote to memory of 5084	3204	chrome.exe	91
PID 3204 wrote to memory of 5084	3204	chrome.exe	91
PID 3204 wrote to memory of 5084	3204	chrome.exe	91
PID 3204 wrote to memory of 5084	3204	chrome.exe	91
PID 3204 wrote to memory of 5084	3204	chrome.exe	91
PID 3204 wrote to memory of 5084	3204	chrome.exe	91
PID 3204 wrote to memory of 5084	3204	chrome.exe	91
PID 3204 wrote to memory of 5084	3204	chrome.exe	91
PID 3204 wrote to memory of 5084	3204	chrome.exe	91
PID 3204 wrote to memory of 5084	3204	chrome.exe	91
PID 3204 wrote to memory of 5084	3204	chrome.exe	91
PID 3204 wrote to memory of 5084	3204	chrome.exe	91
PID 3204 wrote to memory of 5084	3204	chrome.exe	91
PID 3204 wrote to memory of 5084	3204	chrome.exe	91
PID 3204 wrote to memory of 5084	3204	chrome.exe	91
PID 3204 wrote to memory of 5084	3204	chrome.exe	91
PID 3204 wrote to memory of 5084	3204	chrome.exe	91
PID 3204 wrote to memory of 5084	3204	chrome.exe	91
PID 3204 wrote to memory of 5084	3204	chrome.exe	91
PID 3204 wrote to memory of 5084	3204	chrome.exe	91
PID 3204 wrote to memory of 5084	3204	chrome.exe	91
PID 3204 wrote to memory of 5084	3204	chrome.exe	91
PID 3204 wrote to memory of 5084	3204	chrome.exe	91
PID 3204 wrote to memory of 5084	3204	chrome.exe	91
PID 3204 wrote to memory of 5084	3204	chrome.exe	91
PID 3204 wrote to memory of 5084	3204	chrome.exe	91
PID 3204 wrote to memory of 3748	3204	chrome.exe	92
PID 3204 wrote to memory of 3748	3204	chrome.exe	92
PID 3204 wrote to memory of 3044	3204	chrome.exe	93
PID 3204 wrote to memory of 3044	3204	chrome.exe	93
PID 3204 wrote to memory of 3044	3204	chrome.exe	93
PID 3204 wrote to memory of 3044	3204	chrome.exe	93
PID 3204 wrote to memory of 3044	3204	chrome.exe	93
PID 3204 wrote to memory of 3044	3204	chrome.exe	93
PID 3204 wrote to memory of 3044	3204	chrome.exe	93
PID 3204 wrote to memory of 3044	3204	chrome.exe	93
PID 3204 wrote to memory of 3044	3204	chrome.exe	93
PID 3204 wrote to memory of 3044	3204	chrome.exe	93
PID 3204 wrote to memory of 3044	3204	chrome.exe	93
PID 3204 wrote to memory of 3044	3204	chrome.exe	93
PID 3204 wrote to memory of 3044	3204	chrome.exe	93
PID 3204 wrote to memory of 3044	3204	chrome.exe	93
PID 3204 wrote to memory of 3044	3204	chrome.exe	93
PID 3204 wrote to memory of 3044	3204	chrome.exe	93
PID 3204 wrote to memory of 3044	3204	chrome.exe	93
PID 3204 wrote to memory of 3044	3204	chrome.exe	93
PID 3204 wrote to memory of 3044	3204	chrome.exe	93
PID 3204 wrote to memory of 3044	3204	chrome.exe	93
PID 3204 wrote to memory of 3044	3204	chrome.exe	93
PID 3204 wrote to memory of 3044	3204	chrome.exe	93
PID 3204 wrote to memory of 3044	3204	chrome.exe	93
PID 3204 wrote to memory of 3044	3204	chrome.exe	93
PID 3204 wrote to memory of 3044	3204	chrome.exe	93
PID 3204 wrote to memory of 3044	3204	chrome.exe	93
PID 3204 wrote to memory of 3044	3204	chrome.exe	93
PID 3204 wrote to memory of 3044	3204	chrome.exe	93

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\httpscdn.discordapp.comattachments1.txt
1⤵
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:4172
- C:\Windows\system32\NOTEPAD.EXE
  "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\httpscdn.discordapp.comattachments1.txt
  2⤵
  - Opens file in notepad (likely ransom note)
  PID:4500

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3204
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb7d35cc40,0x7ffb7d35cc4c,0x7ffb7d35cc58
  2⤵
  PID:1332
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1824,i,9008112533366530071,10381338090707514486,262144 --variations-seed-version=20240730-050116.493000 --mojo-platform-channel-handle=1820 /prefetch:2
  2⤵
  PID:5084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2028,i,9008112533366530071,10381338090707514486,262144 --variations-seed-version=20240730-050116.493000 --mojo-platform-channel-handle=2088 /prefetch:3
  2⤵
  PID:3748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2184,i,9008112533366530071,10381338090707514486,262144 --variations-seed-version=20240730-050116.493000 --mojo-platform-channel-handle=2196 /prefetch:8
  2⤵
  PID:3044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3080,i,9008112533366530071,10381338090707514486,262144 --variations-seed-version=20240730-050116.493000 --mojo-platform-channel-handle=3228 /prefetch:1
  2⤵
  PID:3524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3148,i,9008112533366530071,10381338090707514486,262144 --variations-seed-version=20240730-050116.493000 --mojo-platform-channel-handle=3248 /prefetch:1
  2⤵
  PID:3580
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4432,i,9008112533366530071,10381338090707514486,262144 --variations-seed-version=20240730-050116.493000 --mojo-platform-channel-handle=4440 /prefetch:1
  2⤵
  PID:4696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4632,i,9008112533366530071,10381338090707514486,262144 --variations-seed-version=20240730-050116.493000 --mojo-platform-channel-handle=4644 /prefetch:8
  2⤵
  PID:876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4888,i,9008112533366530071,10381338090707514486,262144 --variations-seed-version=20240730-050116.493000 --mojo-platform-channel-handle=4900 /prefetch:8
  2⤵
  PID:500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4984,i,9008112533366530071,10381338090707514486,262144 --variations-seed-version=20240730-050116.493000 --mojo-platform-channel-handle=4968 /prefetch:1
  2⤵
  PID:3140
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5028,i,9008112533366530071,10381338090707514486,262144 --variations-seed-version=20240730-050116.493000 --mojo-platform-channel-handle=4516 /prefetch:8
  2⤵
  - NTFS ADS
  PID:5064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5408,i,9008112533366530071,10381338090707514486,262144 --variations-seed-version=20240730-050116.493000 --mojo-platform-channel-handle=4944 /prefetch:1
  2⤵
  PID:4376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=3456,i,9008112533366530071,10381338090707514486,262144 --variations-seed-version=20240730-050116.493000 --mojo-platform-channel-handle=3476 /prefetch:8
  2⤵
  - Drops file in System32 directory
  - Suspicious behavior: EnumeratesProcesses
  PID:2600

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"
1⤵
PID:3128

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3456

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2164

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:2876

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

Filesize
64KB

MD5
b5ad5caaaee00cb8cf445427975ae66c

SHA1
dcde6527290a326e048f9c3a85280d3fa71e1e22

SHA256
b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8

SHA512
92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

Filesize
1008B

MD5
d222b77a61527f2c177b0869e7babc24

SHA1
3f23acb984307a4aeba41ebbb70439c97ad1f268

SHA256
80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747

SHA512
d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000002

Filesize
209KB

MD5
3e552d017d45f8fd93b94cfc86f842f2

SHA1
dbeebe83854328e2575ff67259e3fb6704b17a47

SHA256
27d9c4613df7a3c04da0b79c13217aa69992b441acb7e44bf2a7578ca87d97d6

SHA512
e616436f2f15615429c7c5c37de3990c3e86c5e1da7d75a0f524fc458b75d44a5be1a3648a628d63e1cf8aa062e08b538f2f2bc9c6a0b42157beb24f82c571d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
89d9f5abe4fae027d1d27db6e285df98

SHA1
3a578062f13e86235613862e0109f3de4e1e4825

SHA256
737a799ccddba4cf0e9754290b757127b06c56118cac8a7641798f1ae8831b8c

SHA512
a53d28d0d69a9578dca6509297fbfdcdb9c84522a7a89b48c4cc43189854136fb524b2c7db955ccfbef1f6aa5b974e09b90a4672a684ce298534853e1ea71c4f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
ba37cfdbfc94bda9127b4f8ee8aa23d6

SHA1
3e0f2bd875dd2e59e707d7bf8ba48dfbe0eb51f6

SHA256
4cde445f19335d1b39e218be394a4f655db3e044995e3792662d2330289ab1d6

SHA512
69d6bd0aa3ffadbd7c0ae125cd62e05ae74b997adefe83e5b85362cd07bbf8b8dd5e8ded5bac9b8ffdcb1984ad8859e9099bdbb5be3604ec135ed3c1a5339d4e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
2b35276d1a6fbb24df4bc3a0193139c2

SHA1
2bb42bcacd22f4161cf012ee797edcc4b329192e

SHA256
3e5af3ba01c566a78c463f3dae4bf12b0b5b130ec14601cac195af77315063dd

SHA512
280ff97369233821bdaa33e292359de6303c944b42c0f759e8cead732c2d3a1a0f0690b265c6b15f1b1d95daf2ab573a9c76b1df1056ec1f21108f184f55a1d6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
7135b248cad21755c2c266233d52fcfc

SHA1
48b2f6b29b56599b2add9da29fd98e5091ff442e

SHA256
52c98e9dffcab8b95ef485919b6d928a4870178c4576286e28b475f6b71ac1fe

SHA512
2f667b301fa5d2e02fe6ef479f408576974c7bb9cde2135c87b2c8085405f67dc6bee6696fac7c185b5c890352bb0051a2f92fa0a0739c06a0f15bb1902a333e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
f67e11c245cf0fce6f51bf4a431d905b

SHA1
bf68df8e2fedd9fa49845ed19fcf2349fd147704

SHA256
8ef2762a019741da3f142c54ce379f048e2e413c5de2682f967e59d3a43f69fa

SHA512
3f6dab78ce57f2c066caedf934d82081a0eff36ca91690623d0478924dd8bd96a2ae42a950d320e07725d1f3ae6065cd88e42bb36f017eeb3236354e8734ea42

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
e9bc415fb4b50c88686ef8da8e816af1

SHA1
de7319c9601632d134ba57defd0634fa992a1888

SHA256
5a776cb5bf0a0b2ca40a22db152542a71dc38071aa8359b9a28e69ad6dfb06ca

SHA512
916dfdabd5daa3a89059540d8a039e35c014c61994239fd244f2370d541b2d962ebee4f0fc6efe03171335504925f33f6aa4192fd9f15dc364e4ed22403db34c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
a0d9c632a2d8db868faf84eb923d8644

SHA1
beac9119105be5f2ccf08bec37ec2fbef0de0819

SHA256
4df102a6faf8ba281b3679f9045f1910d5ca9e3f62c32df9a0a4be9dca8a5d3f

SHA512
376cac77ee530c8831b61d36010d79116bbe97f65f1fe66ec98c6a6fefd5e629863d86ec17729fafe6807cf3fdaaac630f9d0c4f9a3118ca12e34ab768c36a2a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
329cb870e90ceec75e45fadee25008ea

SHA1
08708323c9b9d2d58172a9fe9ee2369a45cbd018

SHA256
aa84eac77491175b426a70bce306f95cc95e6eb1d81a76c6f1eaf5a7087c9c2b

SHA512
78e8e7227bb9fcbe58ae0f9b308a118ae964efde989e66d82c33eb192c1da736cedc7f6640c623aacfe6ee551b12875a09fa3c37079f9c5d00fca8f53b021b37

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
4e806d1fbaf14bfbde16de770e3dc782

SHA1
c40386933b617799135549b95f2ddcf952d66829

SHA256
47e30f91ddb7974541b5eed766b18239bce95440555f186412e2452030844c9f

SHA512
f57f4a91401f56ff7991118a2302c2de57b9089d96197ea9ad323b397f547ef87fbcc020792531f89202fefaf67f47333b2483845ee3ee2cbcf3b0fc63c7e332

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
60fa3ee93daeb488a086768ac3e16479

SHA1
51d7ec2cc65ce6b3990eef0700b612b1e7dd9c9a

SHA256
d46500e190e4f75d0b7538a81d73efc379f16e54d328c7e475c3a530fb14884f

SHA512
448d87ad8f92d3e4b78af504110ff257b35ea8e95558999cd16ab7a1afc2b1b1f3ee8545ebd266830d216ece1b1c5c91df162814c056be324a811856dc77e4ed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
fdaf4d539c77d62bc7df60f53abc9da4

SHA1
0286f56973b6c707fe3f0da8cdf1c2717312d905

SHA256
7e9ca91767b3fc3440b63f8b9f4aed1d072a39708bc936a3fefa0fd377723b5c

SHA512
0c151952f4f495313aaaddd834ae0b168e9f4367cc8c5abab46552ddc0aad6b19469d4b31e8ef0a82641750c919d5361458d78a677c21db892a1ad7c5812ab77

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
6dc7d78c7c58574fc95dc713fef7c69d

SHA1
54574747de75ae286b1aa5b41bd948a452e7c2a4

SHA256
af828eabebffdec9772d0b45694288f9fdd5ccd3994086cca19eb77ca3005b25

SHA512
13969fec0f3d141d7cfc7fc1c47067679aa67d5f3ca5ca4fc78cb0bda73596e284e7b1e33695b23e2e43d9a79bc688a12d734819b90a5cfb4215c7667e6275a0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
37a216295b6277960843488a2f74d30e

SHA1
d0f7224e3ad756b6d820395b7c91082d8020d9e5

SHA256
aa94e66ec8d27076e4cf3626c16039a7f5f0329066734b9c6d0534e312e4b0e3

SHA512
aaa1287e4c322d3550a543a2489fe462b0f5e94ecfd760e3c3e67e22c022e70176328a78282d4266ba7f6103ef87f5d566a96990df82c5ab4b2cea0e06f4d166

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a4a9fe0424cae0dc564e4e037bf70719

SHA1
dbd62b2fcda51b04ad4f96cadbb16d4b6e1c1b67

SHA256
32fd4b7a73915ec63bb347155f425bb29c7c41ffde61f1b9a6681dd55246ad15

SHA512
498c57fa12f41178878428f958997076f1c8ca00c665e9108ad52e4ff1ead026dacafa84d95f81ed3d98fab65cf7f1c83bb8ebe57b36bde49ad8fc76e63ed3da

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
d1c9067f6247bd330fec4bea30c60f51

SHA1
88f49e75f8766ddd07787b1191dcba95b4f583da

SHA256
b64a054f435a9fd33d4a909b234d6f5e8cdfb12b97f4d6d20b79ec202e44234a

SHA512
7f65c4b3d9e358d07a9a1730ea4d18848a78f306826189614cfa2c68e1b59c9bafdf8f914fded4209ea386992839eda8af0ec7887e3ead79cd241c9897374f61

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a653f738dfe8130ba1564f60fa76049c

SHA1
42c74f4efda6dd595ef47cae4f2cd596338f8606

SHA256
1769ae9aa6b05ab4ed436d92abbba662f31e07a1a172dd26de9018b40c47efed

SHA512
a2dbb5b4b50762ed53f50f5e8d9b22c8ee6663c31feed961c172810eb94dc3e379807393009af4762970daa60e56228b11020a78bd69f35b01efaef9522a0cc0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
6fd772757576fc81bc827a4091eb0118

SHA1
dde180a4cfc976237604eee4579abab6c5b58856

SHA256
750206ec3313b3e06dd797929be3e864047742ec5664ac5c8c13de8725e91db2

SHA512
7fde24715b403eebce2550febe0e5cfda5a6c50b15ec49da353bbe08e71b4ce47dc049cc5c04ed2792eb37f9d7f2bbb2b0ff926753d3acdfcac861bcd7e984d3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
b3cc0b82fc4fd65bf79d09602ea30ddc

SHA1
a246f2501dc76e2fad0178b2eaa138294e7492b1

SHA256
5d701478b678910a853f9da1a9ac59b39b8770c63b19bb9b97fad8d365b1cf05

SHA512
db812f57cc88f5a790d31c9dc9438f2e400a6b735dca9146ca883dadff0b5912806d1d4517588833419f0c595713d39348fea32335337589fb68be354a1d6317

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
f75623cb9c2c7126f80b6c77a1af20d7

SHA1
d5c87f58c16ca46941553187194e80d8bd6054d8

SHA256
0ff8d9ef23833d39864c4609ed7be0a2b224b6baba8b228d11cb559d77c5fdf9

SHA512
367616e314387de38eb4ddfb554e0a536e98309b75abeb3609cbc2eda55a21b71a22b61c234f2a3724dcedf9b9bfb16369be27bd88279a9355447859d718e3ed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e5bc0dd98b919ef34b20d7c1c64e349e

SHA1
c40b2ecc82a1cd6f44c886442740d1d74ee73a1d

SHA256
77cf6447c92c5951f8d2606af8a470468c428fb0c92eb2d950ee74908160ae5d

SHA512
b9f67a6c71c2282c03cfe7f6118c5a8cfe524ddec72b756d16dad20d7bb9aede0bf44af2fa241855a191ab3cda79fa751146ee06ef02b6da5af92baf2fb2085d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
71efcc17c8fe895738c23a2430f4e137

SHA1
934d7995716b7c4285f453dbea4e629025facea7

SHA256
126b8403ce66ae7d746a5f822eb29ef034fb478176ec4a54d40b522b2438688d

SHA512
d476131240eea7a3caf13d3a71836e96a8878b3d0ddded393302188c9a94804e45c1606d89f1c685925474b59f9ef8295fa3d0300d34bb63a0d5fcb9353fba15

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
4143a49cd38f65b08552e0db6e32be0a

SHA1
8badd0190b4ed9452e8ae4432c04a9f730895d5d

SHA256
f6ce97e342599c8ccfce6fc4ccae24b2c7938922d47df0a7d3cf883e656f2b8c

SHA512
94f94d000cdab6d3db1df309cf040134ead11dcc845c889cdc62d050b92193fdd7fad1cf59b00911e6cb0c3459c68e05d4eee6d85b306e25056e3aaf5a352ab5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
4c225d065a4d3239438fda997ea59fa0

SHA1
1f8bbd5e533a015a3c7162a8f5032362a20d8235

SHA256
ddf5bdfd698a2dee9eb15ffdd8aed7380efff206742f03cf81e85df3a8f0a1b7

SHA512
74448b732653534d269063d0b7b5acb05425e4344dc03ad665285c5cca29d5f1e9c3ec70af11a9ed0f28d0a544c1324549806f4846150b16ccd7e95db1db9162

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
195KB

MD5
70dd03e02fdd7fc59f5a1fb00639c00d

SHA1
a57afa8a5b0ad3dd6c001e22bb02cd12cecb2844

SHA256
af6e52ee24af2d6d940b38338a484e75bc19740409e74ddf93c5e301e0264288

SHA512
c5dcd81205abc5a97067f4b8867fa492a37ce7d5d81871a2a0074b308e67a7f8d2f234448beb728c216cb3a2d98eadb9f93a649a0add3693ce1748d7ac2649f1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
195KB

MD5
2c76043c5f87a878fb7a37d4d88d7a60

SHA1
2fdabf2482bc17719c34824f9f6435454d5dbea2

SHA256
0b5042f00f1bada84ba709ec2b2fae6314a54aae8c8019f513e04ca091157535

SHA512
2d5adfd955a01d94c027314cebdd73ca8a628a8eeeccabb6797b801fe216b107c0187564b43f23cc5c31edcbd2c41af3a972c5874ec05561ea5ec1235712796e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
195KB

MD5
8382c2278e8da39ab5f08af88ca5b84c

SHA1
1cb7d307a57f577e18e8d885b392339eb2a35feb

SHA256
5914838f010bf1cb3ef46ad4eb0f135f883e3cb7be53a2cb08d265e21529bb62

SHA512
78b01d10ae66bd8b7002f18bd940bf18670937e26e80d8e42a23b56149f750e1aaf4e601009cc9e96b02def6cbb4b88a8aa37178017417f339f1615ea64a3afb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
4da9b97781d9558b170dfc7b5a173f72

SHA1
e1abe4a4897ab952a79ae40c6e2dabbe13bc1ef9

SHA256
9c26d829176d0db9babc9951b106535e02f71fc81b940e69b0752b6361ca4150

SHA512
8991303b899d4a2949ccd21b5d2a53275f0a3af5186b746baf5d0cc2a23284dd9b79e94845f5ebd096f98f0e67558d3db23b2549a0bce77a8e3541d0052334e8

Download Submit
C:\Users\Admin\Downloads\DumpedLoadstringRequire.zip

Filesize
46KB

MD5
d74ee4add6d8e200312a6955d7cdf7bd

SHA1
e8e897e2cf9af0e94ea7d544a01eba0eb30f1676

SHA256
dc8fe3440d0e8b76b2dcc32415d34cda11b2e7cdec0f075ade16291e2f89426c

SHA512
7e09fc3a1e3a9af2dd27b66667e99c338554d4ddb6cd7942e5bc3d64fa47c060560ee2558f2155f8fed1dce858830e2c05e77008a22b36c17ee128dbf2284463

Download Submit
C:\Users\Admin\Downloads\DumpedLoadstringRequire.zip:Zone.Identifier

Filesize
235B

MD5
0925dc7b74033a58e5c32fbb293f4446

SHA1
6288d265dc822dedd921f648c931b8d640bcc400

SHA256
612833b9e6fe5657556d7fee37c7c46f73a699d8d4f1b029f1caca604eec1b83

SHA512
67ded6ce8f4e2a9270a48a8b6093d2334914c1db360e6a706d5bc7c9c7cf19528299ca6359a790ef41f3c47f674fad0b4924f9e6a05445fe6a4b84d4bcab5803

Download Submit