hxxp://www[.]mti[.]gov[.]eg/RequestAttachments/949ce461-70ba-409f-91bf-9cdc1c198f5a_Ref[.] List[.]xls

Analysis

max time kernel
204s
max time network
208s
platform
windows10-2004_x64
resource
win10v2004-20231020-en
resource tags

arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system
submitted
22/11/2023, 14:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://www.mti.gov.eg/RequestAttachments/949ce461-70ba-409f-91bf-9cdc1c198f5a_Ref. List.xls

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	EXCEL.EXE

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	EXCEL.EXE

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133451360923505611"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000_Classes\Local Settings	chrome.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
876	EXCEL.EXE

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2172	chrome.exe
2172	chrome.exe
1680	chrome.exe
1680	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
2172	chrome.exe
2172	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2172	chrome.exe
Token: SeCreatePagefilePrivilege	2172	chrome.exe
Token: SeShutdownPrivilege	2172	chrome.exe
Token: SeCreatePagefilePrivilege	2172	chrome.exe
Token: SeShutdownPrivilege	2172	chrome.exe
Token: SeCreatePagefilePrivilege	2172	chrome.exe
Token: SeShutdownPrivilege	2172	chrome.exe
Token: SeCreatePagefilePrivilege	2172	chrome.exe
Token: SeShutdownPrivilege	2172	chrome.exe
Token: SeCreatePagefilePrivilege	2172	chrome.exe
Token: SeShutdownPrivilege	2172	chrome.exe
Token: SeCreatePagefilePrivilege	2172	chrome.exe
Token: SeShutdownPrivilege	2172	chrome.exe
Token: SeCreatePagefilePrivilege	2172	chrome.exe
Token: SeShutdownPrivilege	2172	chrome.exe
Token: SeCreatePagefilePrivilege	2172	chrome.exe
Token: SeShutdownPrivilege	2172	chrome.exe
Token: SeCreatePagefilePrivilege	2172	chrome.exe
Token: SeShutdownPrivilege	2172	chrome.exe
Token: SeCreatePagefilePrivilege	2172	chrome.exe
Token: SeShutdownPrivilege	2172	chrome.exe
Token: SeCreatePagefilePrivilege	2172	chrome.exe
Token: SeShutdownPrivilege	2172	chrome.exe
Token: SeCreatePagefilePrivilege	2172	chrome.exe
Token: SeShutdownPrivilege	2172	chrome.exe
Token: SeCreatePagefilePrivilege	2172	chrome.exe
Token: SeShutdownPrivilege	2172	chrome.exe
Token: SeCreatePagefilePrivilege	2172	chrome.exe
Token: SeShutdownPrivilege	2172	chrome.exe
Token: SeCreatePagefilePrivilege	2172	chrome.exe
Token: SeShutdownPrivilege	2172	chrome.exe
Token: SeCreatePagefilePrivilege	2172	chrome.exe
Token: SeShutdownPrivilege	2172	chrome.exe
Token: SeCreatePagefilePrivilege	2172	chrome.exe
Token: SeShutdownPrivilege	2172	chrome.exe
Token: SeCreatePagefilePrivilege	2172	chrome.exe
Token: SeShutdownPrivilege	2172	chrome.exe
Token: SeCreatePagefilePrivilege	2172	chrome.exe
Token: SeShutdownPrivilege	2172	chrome.exe
Token: SeCreatePagefilePrivilege	2172	chrome.exe
Token: SeShutdownPrivilege	2172	chrome.exe
Token: SeCreatePagefilePrivilege	2172	chrome.exe
Token: SeShutdownPrivilege	2172	chrome.exe
Token: SeCreatePagefilePrivilege	2172	chrome.exe
Token: SeShutdownPrivilege	2172	chrome.exe
Token: SeCreatePagefilePrivilege	2172	chrome.exe
Token: SeShutdownPrivilege	2172	chrome.exe
Token: SeCreatePagefilePrivilege	2172	chrome.exe
Token: SeShutdownPrivilege	2172	chrome.exe
Token: SeCreatePagefilePrivilege	2172	chrome.exe
Token: SeShutdownPrivilege	2172	chrome.exe
Token: SeCreatePagefilePrivilege	2172	chrome.exe
Token: SeShutdownPrivilege	2172	chrome.exe
Token: SeCreatePagefilePrivilege	2172	chrome.exe
Token: SeShutdownPrivilege	2172	chrome.exe
Token: SeCreatePagefilePrivilege	2172	chrome.exe
Token: SeShutdownPrivilege	2172	chrome.exe
Token: SeCreatePagefilePrivilege	2172	chrome.exe
Token: SeShutdownPrivilege	2172	chrome.exe
Token: SeCreatePagefilePrivilege	2172	chrome.exe
Token: SeShutdownPrivilege	2172	chrome.exe
Token: SeCreatePagefilePrivilege	2172	chrome.exe
Token: SeShutdownPrivilege	2172	chrome.exe
Token: SeCreatePagefilePrivilege	2172	chrome.exe

Suspicious use of FindShellTrayWindow 33 IoCs

pid	Process
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe

Suspicious use of SetWindowsHookEx 12 IoCs

pid	Process
876	EXCEL.EXE
876	EXCEL.EXE
876	EXCEL.EXE
876	EXCEL.EXE
876	EXCEL.EXE
876	EXCEL.EXE
876	EXCEL.EXE
876	EXCEL.EXE
876	EXCEL.EXE
876	EXCEL.EXE
876	EXCEL.EXE
876	EXCEL.EXE

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2172 wrote to memory of 2184	2172	chrome.exe	51
PID 2172 wrote to memory of 2184	2172	chrome.exe	51
PID 2172 wrote to memory of 1088	2172	chrome.exe	86
PID 2172 wrote to memory of 1088	2172	chrome.exe	86
PID 2172 wrote to memory of 1088	2172	chrome.exe	86
PID 2172 wrote to memory of 1088	2172	chrome.exe	86
PID 2172 wrote to memory of 1088	2172	chrome.exe	86
PID 2172 wrote to memory of 1088	2172	chrome.exe	86
PID 2172 wrote to memory of 1088	2172	chrome.exe	86
PID 2172 wrote to memory of 1088	2172	chrome.exe	86
PID 2172 wrote to memory of 1088	2172	chrome.exe	86
PID 2172 wrote to memory of 1088	2172	chrome.exe	86
PID 2172 wrote to memory of 1088	2172	chrome.exe	86
PID 2172 wrote to memory of 1088	2172	chrome.exe	86
PID 2172 wrote to memory of 1088	2172	chrome.exe	86
PID 2172 wrote to memory of 1088	2172	chrome.exe	86
PID 2172 wrote to memory of 1088	2172	chrome.exe	86
PID 2172 wrote to memory of 1088	2172	chrome.exe	86
PID 2172 wrote to memory of 1088	2172	chrome.exe	86
PID 2172 wrote to memory of 1088	2172	chrome.exe	86
PID 2172 wrote to memory of 1088	2172	chrome.exe	86
PID 2172 wrote to memory of 1088	2172	chrome.exe	86
PID 2172 wrote to memory of 1088	2172	chrome.exe	86
PID 2172 wrote to memory of 1088	2172	chrome.exe	86
PID 2172 wrote to memory of 1088	2172	chrome.exe	86
PID 2172 wrote to memory of 1088	2172	chrome.exe	86
PID 2172 wrote to memory of 1088	2172	chrome.exe	86
PID 2172 wrote to memory of 1088	2172	chrome.exe	86
PID 2172 wrote to memory of 1088	2172	chrome.exe	86
PID 2172 wrote to memory of 1088	2172	chrome.exe	86
PID 2172 wrote to memory of 1088	2172	chrome.exe	86
PID 2172 wrote to memory of 1088	2172	chrome.exe	86
PID 2172 wrote to memory of 1088	2172	chrome.exe	86
PID 2172 wrote to memory of 1088	2172	chrome.exe	86
PID 2172 wrote to memory of 1088	2172	chrome.exe	86
PID 2172 wrote to memory of 1088	2172	chrome.exe	86
PID 2172 wrote to memory of 1088	2172	chrome.exe	86
PID 2172 wrote to memory of 1088	2172	chrome.exe	86
PID 2172 wrote to memory of 1088	2172	chrome.exe	86
PID 2172 wrote to memory of 1088	2172	chrome.exe	86
PID 2172 wrote to memory of 1300	2172	chrome.exe	88
PID 2172 wrote to memory of 1300	2172	chrome.exe	88
PID 2172 wrote to memory of 896	2172	chrome.exe	87
PID 2172 wrote to memory of 896	2172	chrome.exe	87
PID 2172 wrote to memory of 896	2172	chrome.exe	87
PID 2172 wrote to memory of 896	2172	chrome.exe	87
PID 2172 wrote to memory of 896	2172	chrome.exe	87
PID 2172 wrote to memory of 896	2172	chrome.exe	87
PID 2172 wrote to memory of 896	2172	chrome.exe	87
PID 2172 wrote to memory of 896	2172	chrome.exe	87
PID 2172 wrote to memory of 896	2172	chrome.exe	87
PID 2172 wrote to memory of 896	2172	chrome.exe	87
PID 2172 wrote to memory of 896	2172	chrome.exe	87
PID 2172 wrote to memory of 896	2172	chrome.exe	87
PID 2172 wrote to memory of 896	2172	chrome.exe	87
PID 2172 wrote to memory of 896	2172	chrome.exe	87
PID 2172 wrote to memory of 896	2172	chrome.exe	87
PID 2172 wrote to memory of 896	2172	chrome.exe	87
PID 2172 wrote to memory of 896	2172	chrome.exe	87
PID 2172 wrote to memory of 896	2172	chrome.exe	87
PID 2172 wrote to memory of 896	2172	chrome.exe	87
PID 2172 wrote to memory of 896	2172	chrome.exe	87
PID 2172 wrote to memory of 896	2172	chrome.exe	87
PID 2172 wrote to memory of 896	2172	chrome.exe	87

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://www.mti.gov.eg/RequestAttachments/949ce461-70ba-409f-91bf-9cdc1c198f5a_Ref. List.xls
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2172
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffab369758,0x7fffab369768,0x7fffab369778
  2⤵
  PID:2184
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1572 --field-trial-handle=1880,i,7752056753027653447,17740683041141422406,131072 /prefetch:2
  2⤵
  PID:1088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2232 --field-trial-handle=1880,i,7752056753027653447,17740683041141422406,131072 /prefetch:8
  2⤵
  PID:896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 --field-trial-handle=1880,i,7752056753027653447,17740683041141422406,131072 /prefetch:8
  2⤵
  PID:1300
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3116 --field-trial-handle=1880,i,7752056753027653447,17740683041141422406,131072 /prefetch:1
  2⤵
  PID:3040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2988 --field-trial-handle=1880,i,7752056753027653447,17740683041141422406,131072 /prefetch:1
  2⤵
  PID:4144
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4908 --field-trial-handle=1880,i,7752056753027653447,17740683041141422406,131072 /prefetch:8
  2⤵
  PID:5064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5024 --field-trial-handle=1880,i,7752056753027653447,17740683041141422406,131072 /prefetch:8
  2⤵
  PID:1996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5028 --field-trial-handle=1880,i,7752056753027653447,17740683041141422406,131072 /prefetch:8
  2⤵
  PID:3584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2408 --field-trial-handle=1880,i,7752056753027653447,17740683041141422406,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4388 --field-trial-handle=1880,i,7752056753027653447,17740683041141422406,131072 /prefetch:8
  2⤵
  PID:3996
- C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
  "C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\Downloads\949ce461-70ba-409f-91bf-9cdc1c198f5a_Ref. List.xls"
  2⤵
  - Checks processor information in registry
  - Enumerates system info in registry
  - Suspicious behavior: AddClipboardFormatListener
  - Suspicious use of SetWindowsHookEx
  PID:876

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1812

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
823B

MD5
30b7b07656281172718b015d182e5ca9

SHA1
c559e88c1411dc560df8933497dc87ddba35e6a8

SHA256
07b1c05d67ac25e5de02129b63f0ffe1258a4e2a88192f0eec05c4a53510c9e3

SHA512
f0bb7cfe5353c9e343993a7a190255d9c30efda44eaceb869587ae8dbae7f096864e07202e7d67b1cb70f196de9213f816d378ebcb78a89548ddd81548649e25

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
b9f5512eced2b177c22c173f75612f3f

SHA1
2278e574587c17cf1a7a359f2e2b2337c14ea782

SHA256
c5545cab9ecb751a88ff8cb62269cd417583648b453144430e0696007ffde0dd

SHA512
ebc6061cbdd3b11fa88a93b4db5397ba5e7b4e2b9bf4b812ce6170b4a85d02406ad152ae408a597ef3d027ff3fab1530ac158ff9163c9298a2a3f5cfd9ff935b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
109KB

MD5
3f2ed983cee3488d49b76679d7f8b57b

SHA1
42252d7df16390e97d71cddd747928c40363f7ac

SHA256
1f952f154a5e5a038308528850377b46a4258f155540162dd609993dd6cc2dd2

SHA512
658692666767c4bbaae29ff959332d31ed695ee7c3e93127e03c26f4e72a1f6ed0acc0a7003fa0b6cc5d028087f9dbb08d3015c5eb8737fab9969db1ea3f249c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
110KB

MD5
227f8b406f8a4e08f91e84ecb8e00ddf

SHA1
fae7abdc01ee3f74f4db5362e2df86e1cc9b0092

SHA256
ac28275a763ea3bde0f59f0b9aeb39b74ff0ae042c783eadd09903f88e8f99fe

SHA512
d92b74c1eca97dc81d836d6f83ef11bb7064f19d690083d2c6993a6fd08582b01c9aae9afd54fa65d57e96e52623f1e102b37317758ddc175c119a26e5f74fea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5a9174.TMP

Filesize
103KB

MD5
0ef8b5aee1ea1c28f4c775dcbb441675

SHA1
90f123668d2f1b6e91c27cd60c4c2948b2941ed9

SHA256
30aec71ca90819be70d81d63df261f3582ffbc7705a734b90cd73f3c15f77473

SHA512
a2dd7da27ad2aeac6c43c4ca5f434180d468e4748438ace5c1991635f0b59d723dcabd496bc7c3977755ad2928ec53427057ebb3f506a0cee08b5040c38c8736

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Office\Recent\index.dat

Filesize
325B

MD5
1954cebcaa969144f16cf67d5466029b

SHA1
c778ce67c6f9af50826696802f26d16791cc24cb

SHA256
2ec71561a34e9a76d3d1dab81d79b058c1799ba867a2fa5bebe2106ca82c0b46

SHA512
59cf9bd3b043bb29e8b1a12bfcec508def3f253329c3845873d738bd1b58949e3a946b3a11c8a53b4c0cbd625bb597283e60124e8851b64337f51eba008e975b

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\b8ab77100df80ab2.customDestinations-ms

Filesize
24B

MD5
4fcb2a3ee025e4a10d21e1b154873fe2

SHA1
57658e2fa594b7d0b99d02e041d0f3418e58856b

SHA256
90bf6baa6f968a285f88620fbf91e1f5aa3e66e2bad50fd16f37913280ad8228

SHA512
4e85d48db8c0ee5c4dd4149ab01d33e4224456c3f3e3b0101544a5ca87a0d74b3ccd8c0509650008e2abed65efd1e140b1e65ae5215ab32de6f6a49c9d3ec3ff

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\b8ab77100df80ab2.customDestinations-ms

Filesize
773B

MD5
273123a7e10907614368d2ba0181f70c

SHA1
a8ceb5e832616b2930d0ab90b629d2ef1639edc2

SHA256
55ee1dc8e7dcc4e32b85c5c230a13813aca39cde0ad8304cec9bc9e63e580dea

SHA512
6cc692cab6711833b8dd52ab49228432c72d53de5410a268e440865158da48fba268e077cc5fe3c0ad7ef724848a94773cb4b854330f3a548cc972352e721c2b

Download Submit
C:\Users\Admin\Downloads\949ce461-70ba-409f-91bf-9cdc1c198f5a_Ref. List.xls

Filesize
267KB

MD5
b844b9cb8f1db252a3c5340a6e4e2e88

SHA1
b78c1f13221f41483ce3f063a6a6804af90cfff9

SHA256
c97777117d2d12f05dc3dcf8f56a3abcfd2492aa4b507b1341336a5b4e8a8b31

SHA512
92395a875ce3df7d22d74881439eb7566dda8023f6b23bbd58a1c0b8194b6e0a92ae07c2237ba6f26425ad06a3da30b6490c96fe355b070628e9eb63f8a74688

Download Submit
C:\Users\Admin\Downloads\949ce461-70ba-409f-91bf-9cdc1c198f5a_Ref. List.xls

Filesize
267KB

MD5
b844b9cb8f1db252a3c5340a6e4e2e88

SHA1
b78c1f13221f41483ce3f063a6a6804af90cfff9

SHA256
c97777117d2d12f05dc3dcf8f56a3abcfd2492aa4b507b1341336a5b4e8a8b31

SHA512
92395a875ce3df7d22d74881439eb7566dda8023f6b23bbd58a1c0b8194b6e0a92ae07c2237ba6f26425ad06a3da30b6490c96fe355b070628e9eb63f8a74688

Download Submit
memory/876-79-0x00007FFF79470000-0x00007FFF79480000-memory.dmp

Filesize
64KB

Download
memory/876-84-0x00007FFF77080000-0x00007FFF77090000-memory.dmp

Filesize
64KB

Download
memory/876-82-0x00007FFF77080000-0x00007FFF77090000-memory.dmp

Filesize
64KB

Download
memory/876-83-0x00007FFFB93F0000-0x00007FFFB95E5000-memory.dmp

Filesize
2.0MB

Download
memory/876-81-0x00007FFFB93F0000-0x00007FFFB95E5000-memory.dmp

Filesize
2.0MB

Download
memory/876-77-0x00007FFFB93F0000-0x00007FFFB95E5000-memory.dmp

Filesize
2.0MB

Download
memory/876-76-0x00007FFF79470000-0x00007FFF79480000-memory.dmp

Filesize
64KB

Download
memory/876-80-0x00007FFFB93F0000-0x00007FFFB95E5000-memory.dmp

Filesize
2.0MB

Download
memory/876-78-0x00007FFFB93F0000-0x00007FFFB95E5000-memory.dmp

Filesize
2.0MB

Download
memory/876-75-0x00007FFFB93F0000-0x00007FFFB95E5000-memory.dmp

Filesize
2.0MB

Download
memory/876-74-0x00007FFF79470000-0x00007FFF79480000-memory.dmp

Filesize
64KB

Download
memory/876-73-0x00007FFF79470000-0x00007FFF79480000-memory.dmp

Filesize
64KB

Download
memory/876-72-0x00007FFFB93F0000-0x00007FFFB95E5000-memory.dmp

Filesize
2.0MB

Download
memory/876-71-0x00007FFF79470000-0x00007FFF79480000-memory.dmp

Filesize
64KB

Download