1448fa49ba79b57f6381b21b450937882f3508b3d7c906a1c80f476b7fb8bea4

Resubmissions

01-07-2024 03:56

240701-ehcgtsvhqc 3

01-07-2024 03:54

01-07-2024 03:52

01-07-2024 03:51

01-07-2024 03:50

01-07-2024 03:43

01-07-2024 03:42

Analysis

max time kernel
329s
max time network
338s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
01-07-2024 03:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

windows.ps1
Size

322B
MD5

38181352d7fdf3fbbecc10ddfcfaddde
SHA1

7917d0c3d29c549ca9993187d4161cd9b1302585
SHA256

1448fa49ba79b57f6381b21b450937882f3508b3d7c906a1c80f476b7fb8bea4
SHA512

cc44b3c7a9322e1314fbbb034e7d57fd557dc675eb8dbf9fbe7c9ceff4760bf6f9fa2bf05102d80f13680b9cda8b3f84db32b89a0970c7115081cb5fc0c8dede

Score

3^/10

execution

Malware Config

Signatures

Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs
Using powershell.exe command.
execution

PowerShell
T1059.001

Processes:

powershell.exe

pid process

4480 powershell.exe

pid	process
4480	powershell.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133642798409975719"	chrome.exe

Suspicious behavior: EnumeratesProcesses 9 IoCs

Processes:

powershell.exechrome.exepowershell.exe

pid process

4480 powershell.exe
4480 powershell.exe
2500 chrome.exe
2500 chrome.exe
2500 chrome.exe
2500 chrome.exe
680 powershell.exe
680 powershell.exe
680 powershell.exe
Suspicious behavior: LoadsDriver 6 IoCs

Processes:

pid

4
4
4
4
4
660
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

Processes:

chrome.exe

pid process

2500 chrome.exe
2500 chrome.exe
2500 chrome.exe
2500 chrome.exe
2500 chrome.exe
2500 chrome.exe
2500 chrome.exe
2500 chrome.exe
2500 chrome.exe

pid	process
4480	powershell.exe
4480	powershell.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
680	powershell.exe
680	powershell.exe
680	powershell.exe

pid
4
4
4
4
4
660

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

powershell.exechrome.exe

description	pid	process
Token: SeDebugPrivilege	4480	powershell.exe
Token: SeShutdownPrivilege	2500	chrome.exe
Token: SeCreatePagefilePrivilege	2500	chrome.exe
Token: SeShutdownPrivilege	2500	chrome.exe
Token: SeCreatePagefilePrivilege	2500	chrome.exe
Token: SeShutdownPrivilege	2500	chrome.exe
Token: SeCreatePagefilePrivilege	2500	chrome.exe
Token: SeShutdownPrivilege	2500	chrome.exe
Token: SeCreatePagefilePrivilege	2500	chrome.exe
Token: SeShutdownPrivilege	2500	chrome.exe
Token: SeCreatePagefilePrivilege	2500	chrome.exe
Token: SeShutdownPrivilege	2500	chrome.exe
Token: SeCreatePagefilePrivilege	2500	chrome.exe
Token: SeShutdownPrivilege	2500	chrome.exe
Token: SeCreatePagefilePrivilege	2500	chrome.exe
Token: SeShutdownPrivilege	2500	chrome.exe
Token: SeCreatePagefilePrivilege	2500	chrome.exe
Token: SeShutdownPrivilege	2500	chrome.exe
Token: SeCreatePagefilePrivilege	2500	chrome.exe
Token: SeShutdownPrivilege	2500	chrome.exe
Token: SeCreatePagefilePrivilege	2500	chrome.exe
Token: SeShutdownPrivilege	2500	chrome.exe
Token: SeCreatePagefilePrivilege	2500	chrome.exe
Token: SeShutdownPrivilege	2500	chrome.exe
Token: SeCreatePagefilePrivilege	2500	chrome.exe
Token: SeShutdownPrivilege	2500	chrome.exe
Token: SeCreatePagefilePrivilege	2500	chrome.exe
Token: SeShutdownPrivilege	2500	chrome.exe
Token: SeCreatePagefilePrivilege	2500	chrome.exe
Token: SeShutdownPrivilege	2500	chrome.exe
Token: SeCreatePagefilePrivilege	2500	chrome.exe
Token: SeShutdownPrivilege	2500	chrome.exe
Token: SeCreatePagefilePrivilege	2500	chrome.exe
Token: SeShutdownPrivilege	2500	chrome.exe
Token: SeCreatePagefilePrivilege	2500	chrome.exe
Token: SeShutdownPrivilege	2500	chrome.exe
Token: SeCreatePagefilePrivilege	2500	chrome.exe
Token: SeShutdownPrivilege	2500	chrome.exe
Token: SeCreatePagefilePrivilege	2500	chrome.exe
Token: SeShutdownPrivilege	2500	chrome.exe
Token: SeCreatePagefilePrivilege	2500	chrome.exe
Token: SeShutdownPrivilege	2500	chrome.exe
Token: SeCreatePagefilePrivilege	2500	chrome.exe
Token: SeShutdownPrivilege	2500	chrome.exe
Token: SeCreatePagefilePrivilege	2500	chrome.exe
Token: SeShutdownPrivilege	2500	chrome.exe
Token: SeCreatePagefilePrivilege	2500	chrome.exe
Token: SeShutdownPrivilege	2500	chrome.exe
Token: SeCreatePagefilePrivilege	2500	chrome.exe
Token: SeShutdownPrivilege	2500	chrome.exe
Token: SeCreatePagefilePrivilege	2500	chrome.exe
Token: SeShutdownPrivilege	2500	chrome.exe
Token: SeCreatePagefilePrivilege	2500	chrome.exe
Token: SeShutdownPrivilege	2500	chrome.exe
Token: SeCreatePagefilePrivilege	2500	chrome.exe
Token: SeShutdownPrivilege	2500	chrome.exe
Token: SeCreatePagefilePrivilege	2500	chrome.exe
Token: SeShutdownPrivilege	2500	chrome.exe
Token: SeCreatePagefilePrivilege	2500	chrome.exe
Token: SeShutdownPrivilege	2500	chrome.exe
Token: SeCreatePagefilePrivilege	2500	chrome.exe
Token: SeShutdownPrivilege	2500	chrome.exe
Token: SeCreatePagefilePrivilege	2500	chrome.exe
Token: SeShutdownPrivilege	2500	chrome.exe

Suspicious use of FindShellTrayWindow 27 IoCs

Processes:

chrome.exe

pid	process
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 2500 wrote to memory of 3972	2500	chrome.exe	chrome.exe
PID 2500 wrote to memory of 3972	2500	chrome.exe	chrome.exe
PID 2500 wrote to memory of 1704	2500	chrome.exe	chrome.exe
PID 2500 wrote to memory of 1704	2500	chrome.exe	chrome.exe
PID 2500 wrote to memory of 1704	2500	chrome.exe	chrome.exe
PID 2500 wrote to memory of 1704	2500	chrome.exe	chrome.exe
PID 2500 wrote to memory of 1704	2500	chrome.exe	chrome.exe
PID 2500 wrote to memory of 1704	2500	chrome.exe	chrome.exe
PID 2500 wrote to memory of 1704	2500	chrome.exe	chrome.exe
PID 2500 wrote to memory of 1704	2500	chrome.exe	chrome.exe
PID 2500 wrote to memory of 1704	2500	chrome.exe	chrome.exe
PID 2500 wrote to memory of 1704	2500	chrome.exe	chrome.exe
PID 2500 wrote to memory of 1704	2500	chrome.exe	chrome.exe
PID 2500 wrote to memory of 1704	2500	chrome.exe	chrome.exe
PID 2500 wrote to memory of 1704	2500	chrome.exe	chrome.exe
PID 2500 wrote to memory of 1704	2500	chrome.exe	chrome.exe
PID 2500 wrote to memory of 1704	2500	chrome.exe	chrome.exe
PID 2500 wrote to memory of 1704	2500	chrome.exe	chrome.exe
PID 2500 wrote to memory of 1704	2500	chrome.exe	chrome.exe
PID 2500 wrote to memory of 1704	2500	chrome.exe	chrome.exe
PID 2500 wrote to memory of 1704	2500	chrome.exe	chrome.exe
PID 2500 wrote to memory of 1704	2500	chrome.exe	chrome.exe
PID 2500 wrote to memory of 1704	2500	chrome.exe	chrome.exe
PID 2500 wrote to memory of 1704	2500	chrome.exe	chrome.exe
PID 2500 wrote to memory of 1704	2500	chrome.exe	chrome.exe
PID 2500 wrote to memory of 1704	2500	chrome.exe	chrome.exe
PID 2500 wrote to memory of 1704	2500	chrome.exe	chrome.exe
PID 2500 wrote to memory of 1704	2500	chrome.exe	chrome.exe
PID 2500 wrote to memory of 1704	2500	chrome.exe	chrome.exe
PID 2500 wrote to memory of 1704	2500	chrome.exe	chrome.exe
PID 2500 wrote to memory of 1704	2500	chrome.exe	chrome.exe
PID 2500 wrote to memory of 1704	2500	chrome.exe	chrome.exe
PID 2500 wrote to memory of 1704	2500	chrome.exe	chrome.exe
PID 2500 wrote to memory of 2368	2500	chrome.exe	chrome.exe
PID 2500 wrote to memory of 2368	2500	chrome.exe	chrome.exe
PID 2500 wrote to memory of 3604	2500	chrome.exe	chrome.exe
PID 2500 wrote to memory of 3604	2500	chrome.exe	chrome.exe
PID 2500 wrote to memory of 3604	2500	chrome.exe	chrome.exe
PID 2500 wrote to memory of 3604	2500	chrome.exe	chrome.exe
PID 2500 wrote to memory of 3604	2500	chrome.exe	chrome.exe
PID 2500 wrote to memory of 3604	2500	chrome.exe	chrome.exe
PID 2500 wrote to memory of 3604	2500	chrome.exe	chrome.exe
PID 2500 wrote to memory of 3604	2500	chrome.exe	chrome.exe
PID 2500 wrote to memory of 3604	2500	chrome.exe	chrome.exe
PID 2500 wrote to memory of 3604	2500	chrome.exe	chrome.exe
PID 2500 wrote to memory of 3604	2500	chrome.exe	chrome.exe
PID 2500 wrote to memory of 3604	2500	chrome.exe	chrome.exe
PID 2500 wrote to memory of 3604	2500	chrome.exe	chrome.exe
PID 2500 wrote to memory of 3604	2500	chrome.exe	chrome.exe
PID 2500 wrote to memory of 3604	2500	chrome.exe	chrome.exe
PID 2500 wrote to memory of 3604	2500	chrome.exe	chrome.exe
PID 2500 wrote to memory of 3604	2500	chrome.exe	chrome.exe
PID 2500 wrote to memory of 3604	2500	chrome.exe	chrome.exe
PID 2500 wrote to memory of 3604	2500	chrome.exe	chrome.exe
PID 2500 wrote to memory of 3604	2500	chrome.exe	chrome.exe
PID 2500 wrote to memory of 3604	2500	chrome.exe	chrome.exe
PID 2500 wrote to memory of 3604	2500	chrome.exe	chrome.exe
PID 2500 wrote to memory of 3604	2500	chrome.exe	chrome.exe
PID 2500 wrote to memory of 3604	2500	chrome.exe	chrome.exe
PID 2500 wrote to memory of 3604	2500	chrome.exe	chrome.exe
PID 2500 wrote to memory of 3604	2500	chrome.exe	chrome.exe
PID 2500 wrote to memory of 3604	2500	chrome.exe	chrome.exe
PID 2500 wrote to memory of 3604	2500	chrome.exe	chrome.exe
PID 2500 wrote to memory of 3604	2500	chrome.exe	chrome.exe

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\windows.ps1
1⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:4480

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2500

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff980e6ab58,0x7ff980e6ab68,0x7ff980e6ab78
2⤵
PID:3972

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1748 --field-trial-handle=1972,i,3248599582163999615,252289524095758836,131072 /prefetch:2
2⤵
PID:1704

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1904 --field-trial-handle=1972,i,3248599582163999615,252289524095758836,131072 /prefetch:8
2⤵
PID:2368

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2288 --field-trial-handle=1972,i,3248599582163999615,252289524095758836,131072 /prefetch:8
2⤵
PID:3604

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3104 --field-trial-handle=1972,i,3248599582163999615,252289524095758836,131072 /prefetch:1
2⤵
PID:1376

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3112 --field-trial-handle=1972,i,3248599582163999615,252289524095758836,131072 /prefetch:1
2⤵
PID:232

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4288 --field-trial-handle=1972,i,3248599582163999615,252289524095758836,131072 /prefetch:1
2⤵
PID:2884

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4664 --field-trial-handle=1972,i,3248599582163999615,252289524095758836,131072 /prefetch:8
2⤵
PID:2800

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4660 --field-trial-handle=1972,i,3248599582163999615,252289524095758836,131072 /prefetch:8
2⤵
PID:2696

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4688 --field-trial-handle=1972,i,3248599582163999615,252289524095758836,131072 /prefetch:1
2⤵
PID:4504

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5008 --field-trial-handle=1972,i,3248599582163999615,252289524095758836,131072 /prefetch:1
2⤵
PID:4160

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4316 --field-trial-handle=1972,i,3248599582163999615,252289524095758836,131072 /prefetch:8
2⤵
PID:4480

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5028 --field-trial-handle=1972,i,3248599582163999615,252289524095758836,131072 /prefetch:8
2⤵
PID:4552

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5160 --field-trial-handle=1972,i,3248599582163999615,252289524095758836,131072 /prefetch:8
2⤵
PID:824

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3132 --field-trial-handle=1972,i,3248599582163999615,252289524095758836,131072 /prefetch:1
2⤵
PID:208

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5200 --field-trial-handle=1972,i,3248599582163999615,252289524095758836,131072 /prefetch:1
2⤵
PID:2592

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=3436 --field-trial-handle=1972,i,3248599582163999615,252289524095758836,131072 /prefetch:1
2⤵
PID:3504

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=4312 --field-trial-handle=1972,i,3248599582163999615,252289524095758836,131072 /prefetch:1
2⤵
PID:1536

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:2364

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:680

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
810B

MD5
038344c1b3cd2eb2852fcad91cfd98e7

SHA1
a8025bb1fc08dad7aabb9356a7a678b8a4c24c2b

SHA256
ae880aee3d2407630e71e2ec5dccbe8f97a4fd7da39e886a4a041595fa1a830c

SHA512
af0c3cc83ce74c3e794196e30c4b2a3bc21681b86f5596d64fea122a5c511b1c5b40ace0a0a56c1e1c54e470b52087d2a206ef696ce67af327570b5b798e677d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
6315a771bca21cd6636c8d1ec3cde2c1

SHA1
fd06382a1971b4627ab234ec93c72a3304277dbb

SHA256
f26ad8b7f8910f1580cc794f279c0376292a5aeb2d9d78735b25d69858a289ca

SHA512
4f70988e923bb88bdead08fcdb691756ed4d77dcaa4db3397b9d10cc73ce291b265ce8498a2487acde92daeb23db0503fbd9eeb9b1700068e25ab6b714097ae4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
748b7749946f2a609a4f8db7aeabed0c

SHA1
6bff4d8f3d4666a4781d480eaa56a9a6912d3f90

SHA256
187bba8fab169c27da824297bdfeac6e0242698971607c556166a65ffe004614

SHA512
0955a4b4c9ca36b786654bf4e96738942b51661bfd564a0b3486d8a03aa9dae0aa6ff21121ce58b3ddf95ab13d6d350b1a51672e481b54321dbf3dbe766ce93e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
5c5e28386fe4e6b5f32b14d93a0c3fe8

SHA1
ee8a6156f0dc3ea940b21985c8f84e79c9fbbee1

SHA256
308027b0dd0889e84ab5eea40519ebfc37dc110f2b79481bbf8857c6f215a4a2

SHA512
52612d20611c314054c80afb79ab2ec7668e73c1b78e7b2559331a264b6e143190cd39f84018010907eabc75edda4d0b45a08b7029f0b086f994e71633be303b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
287KB

MD5
30285b2d48f0d0335a213db88709ce46

SHA1
ed977127e46d983205a5a13de46ac3ef7b5b781f

SHA256
f7cd77b47b0ccb8c96a358223fdbe7a8d461ee4c9f839a3027ad73a2536b1625

SHA512
8c2097109d4c467973ea174c628ad4905805e8d676e458ff4ef4f04e9db05a4e3924fc0254ad27b56e34f699aa8ae75c2183e6cd3612b2c35465fd91fb998baf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
257KB

MD5
29678d824a3a2df3b777e90d6f34a317

SHA1
f242898d82b17a7aca6b3688b7b9e447b3e4c102

SHA256
1a3ea21d6ce9c0e3f6dfe728757f33942d1a2adeedc087261454afb0940b6202

SHA512
348e6c0860f6d1591433c8c09b8d61254a215bb35bc68cf270c29b27dbe9972b06c4d18cc2ff84b45b3f1e7fc1a87f2bdc19cf17e4e00a5e2c346a9078695111

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
257KB

MD5
eaa8234beed0a2d33700ce4641338170

SHA1
296fd7c14d861e8752626263d9cd062cf918038c

SHA256
d8acd211050aa074c0c3a490d46a3a8a923e6d158596a3404b0b67b120a3022e

SHA512
8c06f4dc33ea7f0d0ce5ea77273cca45d6ba37c80f8234ba6862e70d77db6db4e9a7d5ae68b82fe518f6ac037f99f272ff28f028dee60d57c4748613dfb5cb37

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
257KB

MD5
19c085839ce3749795a2b410bbd3c106

SHA1
e70b771539fd644c9a8315728811f6ceaa19a6f5

SHA256
98c050ad5ecfd88442898ba3019bc1dd40eb751f81a0f215acaff5aed002274a

SHA512
1ff669d03780b37c4e088b2a080f2d46967965c4752bd8dbafcfc364ddda9d8b55d68bedd395a0324893f149008072e898680dcc3ad5a3e0d66bc4e58a0969ca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
311KB

MD5
5da1d2817c51b8ee81dd0c10136041a1

SHA1
4c5722a666d20418922e945a08736595be0d26b3

SHA256
4e97f2e4639fe3f1a366c0194dbac142518f3a3e06fa7fe5c78edfd175d8bd39

SHA512
21d7bb821335b6f6320e47f7526a9c3a340502902b7b31e32e8ef46bc6dc12d6d62be6b14d2a039bad8fa439f0c79f461060987d64e32a9d22d11b0d77d8e0db

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
92KB

MD5
fd7cae12cf5578888bb76786cc309964

SHA1
20f8371feaadd5c31f32576f5b61f5ce6b953753

SHA256
352081f1e04f74cba28769543245960b5087ccdd9bc1a248c3cd02909533444e

SHA512
757d15ffe80a1b156447455df202da6840e4379fd2663ee8d4a1e8f40ff0ed76466a4aed4237ad863485444ea9d6eaa15b8532b2e408ef14e01be18196e7bc5d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe58b997.TMP
Filesize
89KB

MD5
75e20ffb38f12b5fca630e86b2d81678

SHA1
78ba5fa2b9bab03bafde84ab3455200a7a84ab86

SHA256
afab87cbc12d7262b14715186ddbf17f4fda73eb3d1aac4ab772b22d8369d9ee

SHA512
8b9979c62e59e54c64a235fc57b9a5be6815761674df9cdb72324664799e888407b323ed39c1d444d9928832e038e666367d0f5542e8c99a8863848775cbf081

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1
Filesize
264KB

MD5
6a5ba95dbbbdd247a37e3a111053b3e7

SHA1
66f8de713aebcf682cd514bfef7448611cd7a16d

SHA256
7daea5a3998e6465e9a0bf4f9421963b9d11153caaf4a00c664a346be5fa02d5

SHA512
2aed4c9f8ac2a1ea53394cbcc21b491ad2a53651d1b42c216f7f740ca9520ad5a13611ed9529d162dea2e7a7ad4008c35e5c3995941c0c6bcc860a92818bf4d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log
Filesize
3KB

MD5
556084f2c6d459c116a69d6fedcc4105

SHA1
633e89b9a1e77942d822d14de6708430a3944dbc

SHA256
88cc4f40f0eb08ff5c487d6db341b046cc63b22534980aca66a9f8480692f3a8

SHA512
0f6557027b098e45556af93e0be1db9a49c6416dc4afcff2cc2135a8a1ad4f1cf7185541ddbe6c768aefaf2c1a8e52d5282a538d15822d19932f22316edd283e

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_mgfir31m.u42.ps1
Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
\??\pipe\crashpad_2500_XXLUGHILZSISBJPY
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/680-239-0x0000021EFF910000-0x0000021EFF986000-memory.dmp

Filesize
472KB

Download
memory/680-238-0x0000021EFF840000-0x0000021EFF884000-memory.dmp

Filesize
272KB

Download
memory/4480-13-0x00007FF980EF0000-0x00007FF9819B1000-memory.dmp

Filesize
10.8MB

Download
memory/4480-11-0x00007FF980EF0000-0x00007FF9819B1000-memory.dmp

Filesize
10.8MB

Download
memory/4480-1-0x0000021CAC9A0000-0x0000021CAC9C2000-memory.dmp

Filesize
136KB

Download
memory/4480-12-0x00007FF980EF0000-0x00007FF9819B1000-memory.dmp

Filesize
10.8MB

Download
memory/4480-0-0x00007FF980EF3000-0x00007FF980EF5000-memory.dmp

Filesize
8KB

Download
memory/4480-14-0x00007FF980EF0000-0x00007FF9819B1000-memory.dmp

Filesize
10.8MB

Download
memory/4480-17-0x00007FF980EF0000-0x00007FF9819B1000-memory.dmp

Filesize
10.8MB

Download