hxxps://voxiumhub[.]com/

Resubmissions

04-09-2024 15:47

240904-s8hy7avbqc 8

04-09-2024 15:10

240904-skjktasgkk 10

Analysis

max time kernel
600s
max time network
432s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
04-09-2024 15:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://voxiumhub.com/

Score

8^/10

defense_evasion discovery

Malware Config

Signatures

Downloads MZ/PE file
Executes dropped EXE 1 IoCs

Processes:

Voxium_Launcher.exe

pid process

4588 Voxium_Launcher.exe
Looks up external IP address via web service 4 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.

Processes:

flow ioc

20 ipinfo.io
22 ipinfo.io
23 ipinfo.io
42 ip-api.com
Drops file in Windows directory 1 IoCs

Processes:

chrome.exe

description ioc process

File opened for modification C:\Windows\SystemTemp chrome.exe
Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 1 IoCs
When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.
defense_evasion

SIP and Trust Provider Hijacking
T1553.003

Processes:

chrome.exe

description ioc process

File opened for modification C:\Users\Admin\Downloads\Voxium_Launcher.exe:Zone.Identifier chrome.exe
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
discovery

System Language Discovery
T1614.001

Processes:

Voxium_Launcher.exe

description ioc process

Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Voxium_Launcher.exe

pid	process
4588	Voxium_Launcher.exe

flow	ioc
20	ipinfo.io
22	ipinfo.io
23	ipinfo.io
42	ip-api.com

description	ioc	process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

description	ioc	process
File opened for modification	C:\Users\Admin\Downloads\Voxium_Launcher.exe:Zone.Identifier	chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Voxium_Launcher.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133699384846259749"	chrome.exe

NTFS ADS 1 IoCs

Processes:

chrome.exe

description ioc process

File opened for modification C:\Users\Admin\Downloads\Voxium_Launcher.exe:Zone.Identifier chrome.exe
Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

chrome.exe

pid process

1600 chrome.exe
1600 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

Processes:

chrome.exe

pid process

1600 chrome.exe
1600 chrome.exe
1600 chrome.exe

description	ioc	process
File opened for modification	C:\Users\Admin\Downloads\Voxium_Launcher.exe:Zone.Identifier	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	1600	chrome.exe
Token: SeCreatePagefilePrivilege	1600	chrome.exe
Token: SeShutdownPrivilege	1600	chrome.exe
Token: SeCreatePagefilePrivilege	1600	chrome.exe
Token: SeShutdownPrivilege	1600	chrome.exe
Token: SeCreatePagefilePrivilege	1600	chrome.exe
Token: SeShutdownPrivilege	1600	chrome.exe
Token: SeCreatePagefilePrivilege	1600	chrome.exe
Token: SeShutdownPrivilege	1600	chrome.exe
Token: SeCreatePagefilePrivilege	1600	chrome.exe
Token: SeShutdownPrivilege	1600	chrome.exe
Token: SeCreatePagefilePrivilege	1600	chrome.exe
Token: SeShutdownPrivilege	1600	chrome.exe
Token: SeCreatePagefilePrivilege	1600	chrome.exe
Token: SeShutdownPrivilege	1600	chrome.exe
Token: SeCreatePagefilePrivilege	1600	chrome.exe
Token: SeShutdownPrivilege	1600	chrome.exe
Token: SeCreatePagefilePrivilege	1600	chrome.exe
Token: SeShutdownPrivilege	1600	chrome.exe
Token: SeCreatePagefilePrivilege	1600	chrome.exe
Token: SeShutdownPrivilege	1600	chrome.exe
Token: SeCreatePagefilePrivilege	1600	chrome.exe
Token: SeShutdownPrivilege	1600	chrome.exe
Token: SeCreatePagefilePrivilege	1600	chrome.exe
Token: SeShutdownPrivilege	1600	chrome.exe
Token: SeCreatePagefilePrivilege	1600	chrome.exe
Token: SeShutdownPrivilege	1600	chrome.exe
Token: SeCreatePagefilePrivilege	1600	chrome.exe
Token: SeShutdownPrivilege	1600	chrome.exe
Token: SeCreatePagefilePrivilege	1600	chrome.exe
Token: SeShutdownPrivilege	1600	chrome.exe
Token: SeCreatePagefilePrivilege	1600	chrome.exe
Token: SeShutdownPrivilege	1600	chrome.exe
Token: SeCreatePagefilePrivilege	1600	chrome.exe
Token: SeShutdownPrivilege	1600	chrome.exe
Token: SeCreatePagefilePrivilege	1600	chrome.exe
Token: SeShutdownPrivilege	1600	chrome.exe
Token: SeCreatePagefilePrivilege	1600	chrome.exe
Token: SeShutdownPrivilege	1600	chrome.exe
Token: SeCreatePagefilePrivilege	1600	chrome.exe
Token: SeShutdownPrivilege	1600	chrome.exe
Token: SeCreatePagefilePrivilege	1600	chrome.exe
Token: SeShutdownPrivilege	1600	chrome.exe
Token: SeCreatePagefilePrivilege	1600	chrome.exe
Token: SeShutdownPrivilege	1600	chrome.exe
Token: SeCreatePagefilePrivilege	1600	chrome.exe
Token: SeShutdownPrivilege	1600	chrome.exe
Token: SeCreatePagefilePrivilege	1600	chrome.exe
Token: SeShutdownPrivilege	1600	chrome.exe
Token: SeCreatePagefilePrivilege	1600	chrome.exe
Token: SeShutdownPrivilege	1600	chrome.exe
Token: SeCreatePagefilePrivilege	1600	chrome.exe
Token: SeShutdownPrivilege	1600	chrome.exe
Token: SeCreatePagefilePrivilege	1600	chrome.exe
Token: SeShutdownPrivilege	1600	chrome.exe
Token: SeCreatePagefilePrivilege	1600	chrome.exe
Token: SeShutdownPrivilege	1600	chrome.exe
Token: SeCreatePagefilePrivilege	1600	chrome.exe
Token: SeShutdownPrivilege	1600	chrome.exe
Token: SeCreatePagefilePrivilege	1600	chrome.exe
Token: SeShutdownPrivilege	1600	chrome.exe
Token: SeCreatePagefilePrivilege	1600	chrome.exe
Token: SeShutdownPrivilege	1600	chrome.exe
Token: SeCreatePagefilePrivilege	1600	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

chrome.exe

pid	process
1600	chrome.exe
1600	chrome.exe
1600	chrome.exe
1600	chrome.exe
1600	chrome.exe
1600	chrome.exe
1600	chrome.exe
1600	chrome.exe
1600	chrome.exe
1600	chrome.exe
1600	chrome.exe
1600	chrome.exe
1600	chrome.exe
1600	chrome.exe
1600	chrome.exe
1600	chrome.exe
1600	chrome.exe
1600	chrome.exe
1600	chrome.exe
1600	chrome.exe
1600	chrome.exe
1600	chrome.exe
1600	chrome.exe
1600	chrome.exe
1600	chrome.exe
1600	chrome.exe
1600	chrome.exe
1600	chrome.exe
1600	chrome.exe
1600	chrome.exe
1600	chrome.exe
1600	chrome.exe
1600	chrome.exe
1600	chrome.exe
1600	chrome.exe
1600	chrome.exe
1600	chrome.exe
1600	chrome.exe
1600	chrome.exe
1600	chrome.exe
1600	chrome.exe
1600	chrome.exe
1600	chrome.exe
1600	chrome.exe
1600	chrome.exe
1600	chrome.exe
1600	chrome.exe
1600	chrome.exe
1600	chrome.exe
1600	chrome.exe
1600	chrome.exe
1600	chrome.exe
1600	chrome.exe
1600	chrome.exe
1600	chrome.exe
1600	chrome.exe
1600	chrome.exe
1600	chrome.exe
1600	chrome.exe
1600	chrome.exe
1600	chrome.exe
1600	chrome.exe
1600	chrome.exe
1600	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

Processes:

chrome.exe

pid	process
1600	chrome.exe
1600	chrome.exe
1600	chrome.exe
1600	chrome.exe
1600	chrome.exe
1600	chrome.exe
1600	chrome.exe
1600	chrome.exe
1600	chrome.exe
1600	chrome.exe
1600	chrome.exe
1600	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 1600 wrote to memory of 1528	1600	chrome.exe	chrome.exe
PID 1600 wrote to memory of 1528	1600	chrome.exe	chrome.exe
PID 1600 wrote to memory of 1940	1600	chrome.exe	chrome.exe
PID 1600 wrote to memory of 1940	1600	chrome.exe	chrome.exe
PID 1600 wrote to memory of 1940	1600	chrome.exe	chrome.exe
PID 1600 wrote to memory of 1940	1600	chrome.exe	chrome.exe
PID 1600 wrote to memory of 1940	1600	chrome.exe	chrome.exe
PID 1600 wrote to memory of 1940	1600	chrome.exe	chrome.exe
PID 1600 wrote to memory of 1940	1600	chrome.exe	chrome.exe
PID 1600 wrote to memory of 1940	1600	chrome.exe	chrome.exe
PID 1600 wrote to memory of 1940	1600	chrome.exe	chrome.exe
PID 1600 wrote to memory of 1940	1600	chrome.exe	chrome.exe
PID 1600 wrote to memory of 1940	1600	chrome.exe	chrome.exe
PID 1600 wrote to memory of 1940	1600	chrome.exe	chrome.exe
PID 1600 wrote to memory of 1940	1600	chrome.exe	chrome.exe
PID 1600 wrote to memory of 1940	1600	chrome.exe	chrome.exe
PID 1600 wrote to memory of 1940	1600	chrome.exe	chrome.exe
PID 1600 wrote to memory of 1940	1600	chrome.exe	chrome.exe
PID 1600 wrote to memory of 1940	1600	chrome.exe	chrome.exe
PID 1600 wrote to memory of 1940	1600	chrome.exe	chrome.exe
PID 1600 wrote to memory of 1940	1600	chrome.exe	chrome.exe
PID 1600 wrote to memory of 1940	1600	chrome.exe	chrome.exe
PID 1600 wrote to memory of 1940	1600	chrome.exe	chrome.exe
PID 1600 wrote to memory of 1940	1600	chrome.exe	chrome.exe
PID 1600 wrote to memory of 1940	1600	chrome.exe	chrome.exe
PID 1600 wrote to memory of 1940	1600	chrome.exe	chrome.exe
PID 1600 wrote to memory of 1940	1600	chrome.exe	chrome.exe
PID 1600 wrote to memory of 1940	1600	chrome.exe	chrome.exe
PID 1600 wrote to memory of 1940	1600	chrome.exe	chrome.exe
PID 1600 wrote to memory of 1940	1600	chrome.exe	chrome.exe
PID 1600 wrote to memory of 1940	1600	chrome.exe	chrome.exe
PID 1600 wrote to memory of 1940	1600	chrome.exe	chrome.exe
PID 1600 wrote to memory of 4540	1600	chrome.exe	chrome.exe
PID 1600 wrote to memory of 4540	1600	chrome.exe	chrome.exe
PID 1600 wrote to memory of 1488	1600	chrome.exe	chrome.exe
PID 1600 wrote to memory of 1488	1600	chrome.exe	chrome.exe
PID 1600 wrote to memory of 1488	1600	chrome.exe	chrome.exe
PID 1600 wrote to memory of 1488	1600	chrome.exe	chrome.exe
PID 1600 wrote to memory of 1488	1600	chrome.exe	chrome.exe
PID 1600 wrote to memory of 1488	1600	chrome.exe	chrome.exe
PID 1600 wrote to memory of 1488	1600	chrome.exe	chrome.exe
PID 1600 wrote to memory of 1488	1600	chrome.exe	chrome.exe
PID 1600 wrote to memory of 1488	1600	chrome.exe	chrome.exe
PID 1600 wrote to memory of 1488	1600	chrome.exe	chrome.exe
PID 1600 wrote to memory of 1488	1600	chrome.exe	chrome.exe
PID 1600 wrote to memory of 1488	1600	chrome.exe	chrome.exe
PID 1600 wrote to memory of 1488	1600	chrome.exe	chrome.exe
PID 1600 wrote to memory of 1488	1600	chrome.exe	chrome.exe
PID 1600 wrote to memory of 1488	1600	chrome.exe	chrome.exe
PID 1600 wrote to memory of 1488	1600	chrome.exe	chrome.exe
PID 1600 wrote to memory of 1488	1600	chrome.exe	chrome.exe
PID 1600 wrote to memory of 1488	1600	chrome.exe	chrome.exe
PID 1600 wrote to memory of 1488	1600	chrome.exe	chrome.exe
PID 1600 wrote to memory of 1488	1600	chrome.exe	chrome.exe
PID 1600 wrote to memory of 1488	1600	chrome.exe	chrome.exe
PID 1600 wrote to memory of 1488	1600	chrome.exe	chrome.exe
PID 1600 wrote to memory of 1488	1600	chrome.exe	chrome.exe
PID 1600 wrote to memory of 1488	1600	chrome.exe	chrome.exe
PID 1600 wrote to memory of 1488	1600	chrome.exe	chrome.exe
PID 1600 wrote to memory of 1488	1600	chrome.exe	chrome.exe
PID 1600 wrote to memory of 1488	1600	chrome.exe	chrome.exe
PID 1600 wrote to memory of 1488	1600	chrome.exe	chrome.exe
PID 1600 wrote to memory of 1488	1600	chrome.exe	chrome.exe
PID 1600 wrote to memory of 1488	1600	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://voxiumhub.com/
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe3997cc40,0x7ffe3997cc4c,0x7ffe3997cc58
  2⤵
  PID:1528
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1812,i,6222316208418928694,14747917082685421206,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1808 /prefetch:2
  2⤵
  PID:1940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2084,i,6222316208418928694,14747917082685421206,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2100 /prefetch:3
  2⤵
  PID:4540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2160,i,6222316208418928694,14747917082685421206,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2360 /prefetch:8
  2⤵
  PID:1488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3048,i,6222316208418928694,14747917082685421206,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3084 /prefetch:1
  2⤵
  PID:3680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3088,i,6222316208418928694,14747917082685421206,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3128 /prefetch:1
  2⤵
  PID:3400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4612,i,6222316208418928694,14747917082685421206,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4576 /prefetch:1
  2⤵
  PID:3156
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=4736,i,6222316208418928694,14747917082685421206,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4764 /prefetch:8
  2⤵
  PID:5004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5364,i,6222316208418928694,14747917082685421206,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5388 /prefetch:8
  2⤵
  PID:3760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5376,i,6222316208418928694,14747917082685421206,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5528 /prefetch:8
  2⤵
  PID:3068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5700,i,6222316208418928694,14747917082685421206,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5708 /prefetch:8
  2⤵
  PID:2840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3056,i,6222316208418928694,14747917082685421206,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5664 /prefetch:8
  2⤵
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - NTFS ADS
  PID:228
- C:\Users\Admin\Downloads\Voxium_Launcher.exe
  "C:\Users\Admin\Downloads\Voxium_Launcher.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:4588

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:4760

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004D8 0x00000000000004BC
1⤵
PID:2852

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:1608

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Subvert Trust Controls

T1553

SIP and Trust Provider Hijacking

T1553.003

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
d802ccfd7c524f170990526cef12abf0

SHA1
fd49b6b3356bbae21c90600dcc00c6911ab2c0b1

SHA256
6a60b6c7de10709a71eaabe45260d9895851974939e60cbeb905df4b788c6ebc

SHA512
b4d06e7707e0920e91e9ff0f4f345f59c768d7c69c595e04dd6d60a0947fa181de9abffba6b20cd63664f50eb9ce007bd9d8912fd5a2879e3e12ca11ae2b64d8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
336B

MD5
be7b3264b27d1caec76e90573a192df3

SHA1
75e268616235729e67aea2c0b10c1e3c8268eb2a

SHA256
f77548ade10a5be3b87e6588d0c6b0723e5f7dd0ac2b0cf5766b14cdd1994fe5

SHA512
1ce44718cd62f2626e9c2ca06b7fcfe762f967ece6e7e47ae368464c1de19021bcf77e1dd4e0cbcffc64d6e9323addfac7412456d4c1aac5ee791bd1ee5f1e53

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

Filesize
264KB

MD5
afea65e240772f5e2158898db64d9598

SHA1
30bf6ae51bf452afb491c94e89725b7fd02b6d7a

SHA256
e4917ee32cac07a7758177210102df93b5a3da1905c85b82f872e445555db826

SHA512
feb29635a4b95786234d538aa79e5394743af2f596d47a83294c635bcd8f4d2c4106ba448f05a1a82f2243401e0f4e4db3d6fc15b58bac2b8a05f45d9378cfa0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
3cca21e9f38dbaedcff022a88139b86b

SHA1
367cda6f40082eb33f5f04b5b0839d4882c656d3

SHA256
d19dbec70d855d799180c40237994b21e2c59057f27061cafa26882f006dea90

SHA512
8450c74377f2e2a311df107e0b30ee9145a5e6868b63523d5eeab977c173a31a19d3e05e9feeaf68432c1c331e23cdc7958c912575bd2ba71289ce2f6b21b118

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
5f18298fddb4047b586e08919a808d31

SHA1
4ffca3f933424bdf7baf0ddaf743592f208cf926

SHA256
e3756c769eb26b6a2846765c6a227547cfdfa279345841df3130294656ada7b4

SHA512
3f11dbc71c041a7376eb42767554e60d29261518f1c025c15e02bd9b361f4815a1a9e8338e6afd950cba703e1717d671488b5e9bc7117c5ef9518df2b554e3c0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
c015798120f1968b8a40c2aa79a1cf0f

SHA1
26a96fa87dccbe3de4e6eee60a35e1f1f2c1113f

SHA256
fb0de8fee04193609ee25d1d1259dc9b998d6ae4c8891bb6af0e48bd9b672a8e

SHA512
86f61fe7304346e926a45ffa232a890349fc481c2f8464d7aa8f39dc5999da35cf0f73ac69359ec0234497ca982f12b8a8c5547406aa08f443f159bfe8c55ae1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
a55f03895bea1f06cf8617da575c2766

SHA1
9b7eb489fce0760e349829a69687665d3a41bfeb

SHA256
d2bcad48e7714ab0e89e5e5670327e36aa80233460e028b5ffa9789b67ba3627

SHA512
b6d43fef48fabf5a4d76a002a368d107cf4b5c29fbfa2184223042ede9a06880f922d61d970f7b83f6235134806737afb4b94349470588648c8e3aec274cfa61

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e3c7e287d43060c447f491c5f7325d22

SHA1
49a33a6509ec1d8d0aa35dedb8d92c06cbce4e0f

SHA256
bdce2a7cbe4d37de49b23fb67399c761e5694e9b218f546beb53d87ae77a93cd

SHA512
42a3019d58a039b2038dbf21fc80adde14ab3c53e426768a12c22774e2c390b5247b5f81ddafbae2a286045f803072431e4f7bd999b9ab3fe5c6933204b8cec0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
2426cb0b126a8a1800f5c6b2c358ce7f

SHA1
dd6cbbd5758cae57447c835adb0031a5eac0d9ad

SHA256
f1686e8e3857d608f2a92092d22162d32a92b7797655b05b418242642b6b5ffc

SHA512
951fd32be021848e7454bfb638484e0a11da3ffb5673e975186146cf97005dcc831aeb15a73df90c0e620f63f7a5f958af2f14f84493a0cf568e9f97f4226d0b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
5fcaea8266b28d308daf0bf99e2a79dc

SHA1
18e8064eaffd34c5dfcc9d870f19d1484dbfc0d4

SHA256
ed76922657cb9802eb71683dd23787950b447b36757d0fb22ace3799b86546a5

SHA512
3c9cf26c8848a7a6dbf6453b3f7f1dc650197ecc910332b9a6ffc92527006c16d63dbcf66c8def385c8c4e688c4fb1742d89ba0a0d78543adf2192f4cbf36c5e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
73d7fbe03d47e4fe9018742a12247388

SHA1
5fc2420d08947ec705e54b7f263f837086a32942

SHA256
cae5a81609fc9ac281e13850c5b39e09efb564258e041eef3133da6ce85059ab

SHA512
4bd7df45adeafdaee47efacfc3bbf1b822d3fa5cc027625a70ff5e007cf8681113d1631677ac4c8a3c2e83ee0f0e846933522c0313e4a10329f0c0bac81f3ac7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
648f0d9e2530def76aed8db6974f7d3d

SHA1
2823a0f45adcf6bfc1606bc5dc742861fa49b6ed

SHA256
799bf3a3d664143a5591c93e13f55e88ef69cb6a4058cc74b6bb383c3ed03fd2

SHA512
0f2caa803c2e61408edf0138ee4e83a35866c988dec302f98e68e7edbd97f73ca0c6229c84f371c9e9c5757093ebec76a278e75ff6d3ccc812d5696b853e7048

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
432985dc74a3a6b3f84b0567400b6da5

SHA1
2ce56907222bf3cc16ccf857603efd85ccf2d36a

SHA256
2b2c4632d1a85a8534f870c54d2c70553d437205f1ec4703e0162ff7c69f3ec5

SHA512
e03824b0e24a6d0d7a77f4ba6a0469a472fc6abdb0ce4486e68090b6d61babb75462d8baef20d0c3d1fb148a7a8b5e4117d9b2cd0652edd0f0c111b15eb9760e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
556728fc16a1f9e5ea4a326018eb4ffd

SHA1
c08402fa1918eaeaa38cf41837041101e202d1dd

SHA256
3bdce1a260a355312ef6f4fe4f709b141422f12d27be9025220c0bab4ee2d44b

SHA512
fb274c59a257ac3f8ea7c24cd0aa1a9357d7f23485a298a97ae6ec4350848f6037ac940f8fed2cd872fec3f8b9593167157664d70d3e3c44b4456b0ad96c1fe1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
195KB

MD5
dbda048f107fb591796dfc6daf4065fc

SHA1
e86416ddce96df1defeaa10da13035a99b14868c

SHA256
e18179c625138af78d264a619e7fe3780f3877204af7a59c78d28266a27de2d1

SHA512
ca706c29e71f8e38fbedcf0a02acfd145dd720ae377e9cb6902fd23c52137670777278a3f68cc8ffd21a89371e7eed947300fca25f35057b8fa194c48b2e9088

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
195KB

MD5
76ca35e17fadffcec527fa98772ed685

SHA1
e469a0adc1ee26db24079c0380484c8004c3fd93

SHA256
b5eb271b0a0730041b6f3a20df523676fd58b08e5586a2f8e76e5a2d0a5fd0a7

SHA512
0167412b63c0c7ca13f6ee786dcafef62000ef94bcff15a277a199e8849348149998b430d2c7b882e70105a3700cd0568bd3ff4bf16858dfb654f9786d8940ee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
195KB

MD5
c9dfca732db5226275cdaae1aa19ea49

SHA1
4555eae46956966a1c505e97b550c7ad7ee8be3f

SHA256
e7adef750f0888eb978de974e8ecbb1ef85b4f90074b9bbc36752155dd0ed12a

SHA512
df96545c55847b4ee31d8f4a722370ba96a1e3d3f72db7bcd81b7e04480b5c42bdf298e762ae88c8eb668ab71bc0a7cbbf236fceb5b7f0f3d46af332d77033f6

Download Submit
C:\Users\Admin\Downloads\Voxium_Launcher.exe:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit
\??\pipe\crashpad_1600_OWHLPDYUQWAQWGXO

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/4588-233-0x0000000012211000-0x0000000012213000-memory.dmp

Filesize
8KB

Download
memory/4588-234-0x0000000012561000-0x0000000012565000-memory.dmp

Filesize
16KB

Download