hxxps://www[.]icloud[.]com/iclouddrive/0b7sMFN7qDDexpYRAoRX6ZCAQ#Job_Description_Plan_-_KITON_Brand_2023

Analysis

max time kernel
105s
max time network
102s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
17/07/2023, 10:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.icloud.com/iclouddrive/0b7sMFN7qDDexpYRAoRX6ZCAQ#Job_Description_Plan_-_KITON_Brand_2023

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
1320	Income and benefits of candidates at KITON Fashion 2023.pdf.exe
3952	Performance_Marketing_Manager's_salary_and_benefits_at_Kiton_Fashion_2023.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133340652061587834"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000_Classes\Local Settings	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
2860	chrome.exe
2860	chrome.exe
1320	Income and benefits of candidates at KITON Fashion 2023.pdf.exe
1320	Income and benefits of candidates at KITON Fashion 2023.pdf.exe
3952	Performance_Marketing_Manager's_salary_and_benefits_at_Kiton_Fashion_2023.exe
3952	Performance_Marketing_Manager's_salary_and_benefits_at_Kiton_Fashion_2023.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2860	chrome.exe
Token: SeCreatePagefilePrivilege	2860	chrome.exe
Token: SeShutdownPrivilege	2860	chrome.exe
Token: SeCreatePagefilePrivilege	2860	chrome.exe
Token: SeShutdownPrivilege	2860	chrome.exe
Token: SeCreatePagefilePrivilege	2860	chrome.exe
Token: SeShutdownPrivilege	2860	chrome.exe
Token: SeCreatePagefilePrivilege	2860	chrome.exe
Token: SeShutdownPrivilege	2860	chrome.exe
Token: SeCreatePagefilePrivilege	2860	chrome.exe
Token: SeShutdownPrivilege	2860	chrome.exe
Token: SeCreatePagefilePrivilege	2860	chrome.exe
Token: SeShutdownPrivilege	2860	chrome.exe
Token: SeCreatePagefilePrivilege	2860	chrome.exe
Token: SeShutdownPrivilege	2860	chrome.exe
Token: SeCreatePagefilePrivilege	2860	chrome.exe
Token: SeShutdownPrivilege	2860	chrome.exe
Token: SeCreatePagefilePrivilege	2860	chrome.exe
Token: SeShutdownPrivilege	2860	chrome.exe
Token: SeCreatePagefilePrivilege	2860	chrome.exe
Token: SeShutdownPrivilege	2860	chrome.exe
Token: SeCreatePagefilePrivilege	2860	chrome.exe
Token: SeShutdownPrivilege	2860	chrome.exe
Token: SeCreatePagefilePrivilege	2860	chrome.exe
Token: SeShutdownPrivilege	2860	chrome.exe
Token: SeCreatePagefilePrivilege	2860	chrome.exe
Token: SeShutdownPrivilege	2860	chrome.exe
Token: SeCreatePagefilePrivilege	2860	chrome.exe
Token: SeShutdownPrivilege	2860	chrome.exe
Token: SeCreatePagefilePrivilege	2860	chrome.exe
Token: SeShutdownPrivilege	2860	chrome.exe
Token: SeCreatePagefilePrivilege	2860	chrome.exe
Token: SeShutdownPrivilege	2860	chrome.exe
Token: SeCreatePagefilePrivilege	2860	chrome.exe
Token: SeShutdownPrivilege	2860	chrome.exe
Token: SeCreatePagefilePrivilege	2860	chrome.exe
Token: SeShutdownPrivilege	2860	chrome.exe
Token: SeCreatePagefilePrivilege	2860	chrome.exe
Token: SeShutdownPrivilege	2860	chrome.exe
Token: SeCreatePagefilePrivilege	2860	chrome.exe
Token: SeShutdownPrivilege	2860	chrome.exe
Token: SeCreatePagefilePrivilege	2860	chrome.exe
Token: SeShutdownPrivilege	2860	chrome.exe
Token: SeCreatePagefilePrivilege	2860	chrome.exe
Token: SeShutdownPrivilege	2860	chrome.exe
Token: SeCreatePagefilePrivilege	2860	chrome.exe
Token: SeShutdownPrivilege	2860	chrome.exe
Token: SeCreatePagefilePrivilege	2860	chrome.exe
Token: SeShutdownPrivilege	2860	chrome.exe
Token: SeCreatePagefilePrivilege	2860	chrome.exe
Token: SeShutdownPrivilege	2860	chrome.exe
Token: SeCreatePagefilePrivilege	2860	chrome.exe
Token: SeShutdownPrivilege	2860	chrome.exe
Token: SeCreatePagefilePrivilege	2860	chrome.exe
Token: SeShutdownPrivilege	2860	chrome.exe
Token: SeCreatePagefilePrivilege	2860	chrome.exe
Token: SeShutdownPrivilege	2860	chrome.exe
Token: SeCreatePagefilePrivilege	2860	chrome.exe
Token: SeShutdownPrivilege	2860	chrome.exe
Token: SeCreatePagefilePrivilege	2860	chrome.exe
Token: SeShutdownPrivilege	2860	chrome.exe
Token: SeCreatePagefilePrivilege	2860	chrome.exe
Token: SeShutdownPrivilege	2860	chrome.exe
Token: SeCreatePagefilePrivilege	2860	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2860 wrote to memory of 612	2860	chrome.exe	36
PID 2860 wrote to memory of 612	2860	chrome.exe	36
PID 2860 wrote to memory of 4328	2860	chrome.exe	85
PID 2860 wrote to memory of 4328	2860	chrome.exe	85
PID 2860 wrote to memory of 4328	2860	chrome.exe	85
PID 2860 wrote to memory of 4328	2860	chrome.exe	85
PID 2860 wrote to memory of 4328	2860	chrome.exe	85
PID 2860 wrote to memory of 4328	2860	chrome.exe	85
PID 2860 wrote to memory of 4328	2860	chrome.exe	85
PID 2860 wrote to memory of 4328	2860	chrome.exe	85
PID 2860 wrote to memory of 4328	2860	chrome.exe	85
PID 2860 wrote to memory of 4328	2860	chrome.exe	85
PID 2860 wrote to memory of 4328	2860	chrome.exe	85
PID 2860 wrote to memory of 4328	2860	chrome.exe	85
PID 2860 wrote to memory of 4328	2860	chrome.exe	85
PID 2860 wrote to memory of 4328	2860	chrome.exe	85
PID 2860 wrote to memory of 4328	2860	chrome.exe	85
PID 2860 wrote to memory of 4328	2860	chrome.exe	85
PID 2860 wrote to memory of 4328	2860	chrome.exe	85
PID 2860 wrote to memory of 4328	2860	chrome.exe	85
PID 2860 wrote to memory of 4328	2860	chrome.exe	85
PID 2860 wrote to memory of 4328	2860	chrome.exe	85
PID 2860 wrote to memory of 4328	2860	chrome.exe	85
PID 2860 wrote to memory of 4328	2860	chrome.exe	85
PID 2860 wrote to memory of 4328	2860	chrome.exe	85
PID 2860 wrote to memory of 4328	2860	chrome.exe	85
PID 2860 wrote to memory of 4328	2860	chrome.exe	85
PID 2860 wrote to memory of 4328	2860	chrome.exe	85
PID 2860 wrote to memory of 4328	2860	chrome.exe	85
PID 2860 wrote to memory of 4328	2860	chrome.exe	85
PID 2860 wrote to memory of 4328	2860	chrome.exe	85
PID 2860 wrote to memory of 4328	2860	chrome.exe	85
PID 2860 wrote to memory of 4328	2860	chrome.exe	85
PID 2860 wrote to memory of 4328	2860	chrome.exe	85
PID 2860 wrote to memory of 4328	2860	chrome.exe	85
PID 2860 wrote to memory of 4328	2860	chrome.exe	85
PID 2860 wrote to memory of 4328	2860	chrome.exe	85
PID 2860 wrote to memory of 4328	2860	chrome.exe	85
PID 2860 wrote to memory of 4328	2860	chrome.exe	85
PID 2860 wrote to memory of 4328	2860	chrome.exe	85
PID 2860 wrote to memory of 1528	2860	chrome.exe	86
PID 2860 wrote to memory of 1528	2860	chrome.exe	86
PID 2860 wrote to memory of 3908	2860	chrome.exe	87
PID 2860 wrote to memory of 3908	2860	chrome.exe	87
PID 2860 wrote to memory of 3908	2860	chrome.exe	87
PID 2860 wrote to memory of 3908	2860	chrome.exe	87
PID 2860 wrote to memory of 3908	2860	chrome.exe	87
PID 2860 wrote to memory of 3908	2860	chrome.exe	87
PID 2860 wrote to memory of 3908	2860	chrome.exe	87
PID 2860 wrote to memory of 3908	2860	chrome.exe	87
PID 2860 wrote to memory of 3908	2860	chrome.exe	87
PID 2860 wrote to memory of 3908	2860	chrome.exe	87
PID 2860 wrote to memory of 3908	2860	chrome.exe	87
PID 2860 wrote to memory of 3908	2860	chrome.exe	87
PID 2860 wrote to memory of 3908	2860	chrome.exe	87
PID 2860 wrote to memory of 3908	2860	chrome.exe	87
PID 2860 wrote to memory of 3908	2860	chrome.exe	87
PID 2860 wrote to memory of 3908	2860	chrome.exe	87
PID 2860 wrote to memory of 3908	2860	chrome.exe	87
PID 2860 wrote to memory of 3908	2860	chrome.exe	87
PID 2860 wrote to memory of 3908	2860	chrome.exe	87
PID 2860 wrote to memory of 3908	2860	chrome.exe	87
PID 2860 wrote to memory of 3908	2860	chrome.exe	87
PID 2860 wrote to memory of 3908	2860	chrome.exe	87

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://www.icloud.com/iclouddrive/0b7sMFN7qDDexpYRAoRX6ZCAQ#Job_Description_Plan_-_KITON_Brand_2023
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdef219758,0x7ffdef219768,0x7ffdef219778
  2⤵
  PID:612
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1680 --field-trial-handle=1880,i,3674692842727446193,3024422409638902443,131072 /prefetch:2
  2⤵
  PID:4328
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 --field-trial-handle=1880,i,3674692842727446193,3024422409638902443,131072 /prefetch:8
  2⤵
  PID:1528
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2236 --field-trial-handle=1880,i,3674692842727446193,3024422409638902443,131072 /prefetch:8
  2⤵
  PID:3908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2900 --field-trial-handle=1880,i,3674692842727446193,3024422409638902443,131072 /prefetch:1
  2⤵
  PID:4544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2892 --field-trial-handle=1880,i,3674692842727446193,3024422409638902443,131072 /prefetch:1
  2⤵
  PID:4504
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5188 --field-trial-handle=1880,i,3674692842727446193,3024422409638902443,131072 /prefetch:8
  2⤵
  PID:2372
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3756 --field-trial-handle=1880,i,3674692842727446193,3024422409638902443,131072 /prefetch:8
  2⤵
  PID:4408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=5256 --field-trial-handle=1880,i,3674692842727446193,3024422409638902443,131072 /prefetch:1
  2⤵
  PID:4004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5180 --field-trial-handle=1880,i,3674692842727446193,3024422409638902443,131072 /prefetch:8
  2⤵
  PID:2812
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5812 --field-trial-handle=1880,i,3674692842727446193,3024422409638902443,131072 /prefetch:8
  2⤵
  PID:2228

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3012

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3852

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Job Description Plan - KITON Brand 2023\" -spe -an -ai#7zMap3591:140:7zEvent8405
1⤵
PID:1236

C:\Users\Admin\Downloads\Job Description Plan - KITON Brand 2023\Income and benefits of candidates at KITON Fashion 2023.pdf.exe
"C:\Users\Admin\Downloads\Job Description Plan - KITON Brand 2023\Income and benefits of candidates at KITON Fashion 2023.pdf.exe"
1⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:1320

C:\Users\Admin\Downloads\Job Description Plan - KITON Brand 2023\Performance_Marketing_Manager's_salary_and_benefits_at_Kiton_Fashion_2023.exe
"C:\Users\Admin\Downloads\Job Description Plan - KITON Brand 2023\Performance_Marketing_Manager's_salary_and_benefits_at_Kiton_Fashion_2023.exe"
1⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:3952

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

Filesize
330B

MD5
ba8a9d31ef719c4cfbbc57d599256276

SHA1
89770148059a92a003994a80b4a08e3009a46a5d

SHA256
ccc694e50668238689a62de49c01b958bfe1cf3a824d0418dcdf81e8d84d7bdf

SHA512
4e9d77fd80cc837b6b9bcda9bec4a8b4a7303f142381df051947cd1a311bc91f219760bff10ea8d4c42161ffe4b97a4c64d07d9ee17b283cacefa2b53536f62e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
9d46214ab69fb3f5155aa499b077d10a

SHA1
4b148a3d8cc9ad7fa65e40b27ac6ff67d69e1fc4

SHA256
d8b59a7b4542ebd060bae8bb6634538df4857889c7e1884b0d30b69109d45798

SHA512
74f6da69888b51eb120a73045369c2e2c5f1321ee2acd9e746573223804636e95852114ac617bc9f96343cfac0923554a56c4dddea9dc807ce6deb214d4e7c40

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
b9355de493ec353a96b8534efed03d0f

SHA1
42ceab42da777d7a8c8d3c07ffad88b0a96302ce

SHA256
38e9e1720db54c32289924df1c73e7742e9029c2191b4a9fb036112f3135cac1

SHA512
d67e8b5f0489b538198fb943c83fddbc5addbb6e95a221140f4213ab5ac3fc12bea32c30d2046c2b334b460abce40e3f1736820505717f609e0ebb5107d2127d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
ec905d214d5caec348d8cddccaad2835

SHA1
f56a8eb6a3114f4b2d6c8c6e8a8582229ba8f725

SHA256
0949d06df2fadb98fe944cf79462c5466ca0746a1dda66e86b6c83a5558d8c77

SHA512
a9db290bb6342ffbdbf583cfcb83f292003fd37a0a65e4f99d88b3f9cb89c3af354d9030e932ee4219dbf853991358252fcfa4a9c106580c655e57d11e30ccfc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
9461151f242e133f894d47fed18851df

SHA1
1207d5f7a8a471e01641dc757ccda50edc8343cf

SHA256
1f2325e7e9f8539aa3add23c4318b5dec5f8be0b7b26c7a7d2d9800df3f06cdc

SHA512
363cb30ff4c13c9fb26c577d649902a1fce7a34cfe4c495f36892aa103a9eb1352789ddaa5720b60fbf59644d17f2c84457c59419e2fcd498781b2b5d37b9db6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
b14ce06f99601c62737cbd12f5d64dba

SHA1
d1a5dfeec9b6d600b2e0d039ced95712951d7a23

SHA256
50b1cc10621bd0f109cc05c0cc2a888c83f461e00ad0ef96e842fe14913185c5

SHA512
d82ea08c5f2ca729ba10b72851893d3b20a88ad4f4bf92bb1f6b0490c830de4340cad894a88fcc32ed921086e037e23099946ed03ddf8a57d79fceada4d9f8b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
cf1c014b90d039833a1f4bdc70957ea6

SHA1
ff394ee8c225ca8e3847cfb798453698781ea0a8

SHA256
c6153923101e872adcc8cd4f0b895ada23f9026f85c3afb7e942cd06d42dd135

SHA512
357acac19dd4988e9ce397f9c3281b5d3e3b44b5014e038e0028e7d93b978587664c9be62c7fedc1ba3e3f0be3f96acd6c83e16ac108cd7c225c98d5951aedea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
87KB

MD5
e035fe48e588f2fd09ddf46b2093f019

SHA1
48b865a3eb9b481b5c4afd05f944f4891739de7e

SHA256
0bd2773bda984e128629c9444744dbc48198a7caf81a098cd3f74fcb6fe2fa67

SHA512
0781a6b0ac887ea21181d00653c9de4bcfcb9b72e13a928c979b51031cf79437049c219c658739386617bda15f9d031c172d3465e76ae722bf8f13136f594fbc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
111KB

MD5
8a568d94a066e34c80de6b07eaeb829e

SHA1
f99987ca4600e2914747511f4bd2ac5f84a0de56

SHA256
16e84e84cf1aa7d63db20403ebff0c770221fe149858311b344f5cc7d114f704

SHA512
de64935961244c9fe5c4472ffc40b5b73eda943926f77d48685f7308a780bb2aa3d29d6d2dad81ade6fd04a913acc8551f7561f7ad718693bf7d129f0ebb4395

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe589b51.TMP

Filesize
107KB

MD5
6dc0d1bccfda1de8169688e97d1d6151

SHA1
701f3e5594a1741684d31e5b9d1ad1139c653476

SHA256
167a9c3fdf726f22b15942130f4b66344b65ba80aba6c6638a72fab3cdfa8784

SHA512
3e3d3bfd9dcead9bf650ad5c46615076a3bf5de81c52c88bc4cb771244e5fa24cd39887658fbca4e75395fd43b989c0eaed2d98c8c7d31ea6c88e4760b6401f4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\Downloads\Job Description Plan - KITON Brand 2023.zip

Filesize
108.1MB

MD5
4c23508786ff1b28ebd97271d64681c2

SHA1
82734d9c0624777497b6051cba7d054788583fd3

SHA256
876ec4b014e5779d81af67d04fbb50ccfd965dcb8ea3283cdcb3817e8543c593

SHA512
c1641c5a1f77c54294cf32b37902c8978403402caddd910eaf2cd97664525e5f5e7d25e47329aa71094d74e4002d40ec05bcf2dfe35d21a78dedb3a5ad8f6453

Download Submit
C:\Users\Admin\Downloads\Job Description Plan - KITON Brand 2023\Income and benefits of candidates at KITON Fashion 2023.pdf.exe

Filesize
69.3MB

MD5
6b09b27ab1d3d89acc1748e48a17576b

SHA1
e4e4929b0aba2938bd6378fdbf3019776d804811

SHA256
d0a7f5b794a5e397d037fccbe3acfc5a530954123f1afed24c22a8423c35b868

SHA512
06e4f55cbef5c0659699f243b59bbe1bcf0cca29dfe37989afd62d0c0f99747e0cfa84c50fde31d10360809fe4e99425e7f707fd78623b8a95407e872a3ec748

Download Submit
C:\Users\Admin\Downloads\Job Description Plan - KITON Brand 2023\Income and benefits of candidates at KITON Fashion 2023.pdf.exe

Filesize
69.3MB

MD5
6b09b27ab1d3d89acc1748e48a17576b

SHA1
e4e4929b0aba2938bd6378fdbf3019776d804811

SHA256
d0a7f5b794a5e397d037fccbe3acfc5a530954123f1afed24c22a8423c35b868

SHA512
06e4f55cbef5c0659699f243b59bbe1bcf0cca29dfe37989afd62d0c0f99747e0cfa84c50fde31d10360809fe4e99425e7f707fd78623b8a95407e872a3ec748

Download Submit
C:\Users\Admin\Downloads\Job Description Plan - KITON Brand 2023\Performance_Marketing_Manager's_salary_and_benefits_at_Kiton_Fashion_2023.exe

Filesize
70.8MB

MD5
2e3020f21d92a46f34814da5b3f63ec8

SHA1
765442de6e2c0c48d13ad01bb89d7516ca47988b

SHA256
dbe37a980b952da19be5b03b0b6d911ec0d7b3642531a68388d654426bc00ecf

SHA512
55258c855bde53d3cb8c68116b505c8c8c10417e0f41f06de5ff454e6a6adde26fa2e5c43b5536f55a0f3e7bae627dc5ed1392f6cf4a8712186707d229ccb33a

Download Submit
C:\Users\Admin\Downloads\Job Description Plan - KITON Brand 2023\Performance_Marketing_Manager's_salary_and_benefits_at_Kiton_Fashion_2023.exe

Filesize
70.8MB

MD5
2e3020f21d92a46f34814da5b3f63ec8

SHA1
765442de6e2c0c48d13ad01bb89d7516ca47988b

SHA256
dbe37a980b952da19be5b03b0b6d911ec0d7b3642531a68388d654426bc00ecf

SHA512
55258c855bde53d3cb8c68116b505c8c8c10417e0f41f06de5ff454e6a6adde26fa2e5c43b5536f55a0f3e7bae627dc5ed1392f6cf4a8712186707d229ccb33a

Download Submit
memory/1320-305-0x0000000180000000-0x0000000180A23000-memory.dmp

Filesize
10.1MB

Download
memory/1320-315-0x000002D354FE0000-0x000002D355063000-memory.dmp

Filesize
524KB

Download
memory/1320-327-0x000002D354F50000-0x000002D354F76000-memory.dmp

Filesize
152KB

Download
memory/1320-312-0x00007FF618E50000-0x00007FF61978C000-memory.dmp

Filesize
9.2MB

Download
memory/1320-335-0x000002D354F80000-0x000002D354FAA000-memory.dmp

Filesize
168KB

Download
memory/1320-338-0x000002D3341A0000-0x000002D3341B3000-memory.dmp

Filesize
76KB

Download
memory/1320-341-0x000002D334200000-0x000002D334207000-memory.dmp

Filesize
28KB

Download
memory/1320-344-0x000002D334210000-0x000002D334250000-memory.dmp

Filesize
256KB

Download
memory/1320-347-0x00007FF618E50000-0x00007FF61978C000-memory.dmp

Filesize
9.2MB

Download
memory/1320-311-0x000002D3341D0000-0x000002D3341E2000-memory.dmp

Filesize
72KB

Download
memory/1320-308-0x000002D354F00000-0x000002D354F47000-memory.dmp

Filesize
284KB

Download
memory/3952-355-0x00007FF6DDB50000-0x00007FF6DE48C000-memory.dmp

Filesize
9.2MB

Download
memory/3952-379-0x00007FF6DDB50000-0x00007FF6DE48C000-memory.dmp

Filesize
9.2MB

Download