hxxp://tongzhiz3[.]cn

Resubmissions

Analysis

max time kernel
212s
max time network
213s
platform
windows11-21h2_x64
resource
win11-20240419-en
resource tags

arch:x64arch:x86image:win11-20240419-enlocale:en-usos:windows11-21h2-x64system
submitted
03-06-2024 15:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://tongzhiz3.cn

Score

7^/10

motw phishing

Malware Config

Signatures

Executes dropped EXE 2 IoCs

Processes:

稽查事项通知册-终端.exe稽查事项通知册-终端.exe

pid process

2840 稽查事项通知册-终端.exe
3328 稽查事项通知册-终端.exe
Mark of the Web detected: This indicates that the page was originally saved or cloned. 1 IoCs
phishing motw

Processes:

flow ioc

6 http://kcunaki.cn/

pid	process
2840	稽查事项通知册-终端.exe
3328	稽查事项通知册-终端.exe

flow	ioc
6	http://kcunaki.cn/

Drops file in System32 directory 2 IoCs

Processes:

chrome.exe

description	ioc	process
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_01cf530faf2f1752\display.PNF	chrome.exe
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_01cf530faf2f1752\display.PNF	chrome.exe

Drops file in Windows directory 1 IoCs

Processes:

chrome.exe

description ioc process

File opened for modification C:\Windows\SystemTemp chrome.exe

description	ioc	process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133619025557031521"	chrome.exe

Modifies registry class 2 IoCs

Processes:

chrome.exeMiniSearchHost.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\MuiCache	MiniSearchHost.exe

NTFS ADS 1 IoCs

Processes:

chrome.exe

description ioc process

File opened for modification C:\Users\Admin\Downloads\稽查事项通知册-终端.exe:Zone.Identifier chrome.exe
Suspicious behavior: EnumeratesProcesses 6 IoCs

Processes:

chrome.exechrome.exe

pid process

628 chrome.exe
628 chrome.exe
4700 chrome.exe
4700 chrome.exe
4700 chrome.exe
4700 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

Processes:

chrome.exe

pid process

628 chrome.exe
628 chrome.exe

description	ioc	process
File opened for modification	C:\Users\Admin\Downloads\稽查事项通知册-终端.exe:Zone.Identifier	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	628	chrome.exe
Token: SeCreatePagefilePrivilege	628	chrome.exe
Token: SeShutdownPrivilege	628	chrome.exe
Token: SeCreatePagefilePrivilege	628	chrome.exe
Token: SeShutdownPrivilege	628	chrome.exe
Token: SeCreatePagefilePrivilege	628	chrome.exe
Token: SeShutdownPrivilege	628	chrome.exe
Token: SeCreatePagefilePrivilege	628	chrome.exe
Token: SeShutdownPrivilege	628	chrome.exe
Token: SeCreatePagefilePrivilege	628	chrome.exe
Token: SeShutdownPrivilege	628	chrome.exe
Token: SeCreatePagefilePrivilege	628	chrome.exe
Token: SeShutdownPrivilege	628	chrome.exe
Token: SeCreatePagefilePrivilege	628	chrome.exe
Token: SeShutdownPrivilege	628	chrome.exe
Token: SeCreatePagefilePrivilege	628	chrome.exe
Token: SeShutdownPrivilege	628	chrome.exe
Token: SeCreatePagefilePrivilege	628	chrome.exe
Token: SeShutdownPrivilege	628	chrome.exe
Token: SeCreatePagefilePrivilege	628	chrome.exe
Token: SeShutdownPrivilege	628	chrome.exe
Token: SeCreatePagefilePrivilege	628	chrome.exe
Token: SeShutdownPrivilege	628	chrome.exe
Token: SeCreatePagefilePrivilege	628	chrome.exe
Token: SeShutdownPrivilege	628	chrome.exe
Token: SeCreatePagefilePrivilege	628	chrome.exe
Token: SeShutdownPrivilege	628	chrome.exe
Token: SeCreatePagefilePrivilege	628	chrome.exe
Token: SeShutdownPrivilege	628	chrome.exe
Token: SeCreatePagefilePrivilege	628	chrome.exe
Token: SeShutdownPrivilege	628	chrome.exe
Token: SeCreatePagefilePrivilege	628	chrome.exe
Token: SeShutdownPrivilege	628	chrome.exe
Token: SeCreatePagefilePrivilege	628	chrome.exe
Token: SeShutdownPrivilege	628	chrome.exe
Token: SeCreatePagefilePrivilege	628	chrome.exe
Token: SeShutdownPrivilege	628	chrome.exe
Token: SeCreatePagefilePrivilege	628	chrome.exe
Token: SeShutdownPrivilege	628	chrome.exe
Token: SeCreatePagefilePrivilege	628	chrome.exe
Token: SeShutdownPrivilege	628	chrome.exe
Token: SeCreatePagefilePrivilege	628	chrome.exe
Token: SeShutdownPrivilege	628	chrome.exe
Token: SeCreatePagefilePrivilege	628	chrome.exe
Token: SeShutdownPrivilege	628	chrome.exe
Token: SeCreatePagefilePrivilege	628	chrome.exe
Token: SeShutdownPrivilege	628	chrome.exe
Token: SeCreatePagefilePrivilege	628	chrome.exe
Token: SeShutdownPrivilege	628	chrome.exe
Token: SeCreatePagefilePrivilege	628	chrome.exe
Token: SeShutdownPrivilege	628	chrome.exe
Token: SeCreatePagefilePrivilege	628	chrome.exe
Token: SeShutdownPrivilege	628	chrome.exe
Token: SeCreatePagefilePrivilege	628	chrome.exe
Token: SeShutdownPrivilege	628	chrome.exe
Token: SeCreatePagefilePrivilege	628	chrome.exe
Token: SeShutdownPrivilege	628	chrome.exe
Token: SeCreatePagefilePrivilege	628	chrome.exe
Token: SeShutdownPrivilege	628	chrome.exe
Token: SeCreatePagefilePrivilege	628	chrome.exe
Token: SeShutdownPrivilege	628	chrome.exe
Token: SeCreatePagefilePrivilege	628	chrome.exe
Token: SeShutdownPrivilege	628	chrome.exe
Token: SeCreatePagefilePrivilege	628	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

chrome.exe

pid	process
628	chrome.exe
628	chrome.exe
628	chrome.exe
628	chrome.exe
628	chrome.exe
628	chrome.exe
628	chrome.exe
628	chrome.exe
628	chrome.exe
628	chrome.exe
628	chrome.exe
628	chrome.exe
628	chrome.exe
628	chrome.exe
628	chrome.exe
628	chrome.exe
628	chrome.exe
628	chrome.exe
628	chrome.exe
628	chrome.exe
628	chrome.exe
628	chrome.exe
628	chrome.exe
628	chrome.exe
628	chrome.exe
628	chrome.exe
628	chrome.exe
628	chrome.exe
628	chrome.exe
628	chrome.exe
628	chrome.exe
628	chrome.exe
628	chrome.exe
628	chrome.exe
628	chrome.exe
628	chrome.exe
628	chrome.exe
628	chrome.exe
628	chrome.exe
628	chrome.exe
628	chrome.exe
628	chrome.exe
628	chrome.exe
628	chrome.exe
628	chrome.exe
628	chrome.exe
628	chrome.exe
628	chrome.exe
628	chrome.exe
628	chrome.exe
628	chrome.exe
628	chrome.exe
628	chrome.exe
628	chrome.exe
628	chrome.exe
628	chrome.exe
628	chrome.exe
628	chrome.exe
628	chrome.exe
628	chrome.exe
628	chrome.exe
628	chrome.exe
628	chrome.exe
628	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

Processes:

chrome.exe

pid	process
628	chrome.exe
628	chrome.exe
628	chrome.exe
628	chrome.exe
628	chrome.exe
628	chrome.exe
628	chrome.exe
628	chrome.exe
628	chrome.exe
628	chrome.exe
628	chrome.exe
628	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

MiniSearchHost.exe

pid process

4156 MiniSearchHost.exe

pid	process
4156	MiniSearchHost.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 628 wrote to memory of 2256	628	chrome.exe	chrome.exe
PID 628 wrote to memory of 2256	628	chrome.exe	chrome.exe
PID 628 wrote to memory of 3740	628	chrome.exe	chrome.exe
PID 628 wrote to memory of 3740	628	chrome.exe	chrome.exe
PID 628 wrote to memory of 3740	628	chrome.exe	chrome.exe
PID 628 wrote to memory of 3740	628	chrome.exe	chrome.exe
PID 628 wrote to memory of 3740	628	chrome.exe	chrome.exe
PID 628 wrote to memory of 3740	628	chrome.exe	chrome.exe
PID 628 wrote to memory of 3740	628	chrome.exe	chrome.exe
PID 628 wrote to memory of 3740	628	chrome.exe	chrome.exe
PID 628 wrote to memory of 3740	628	chrome.exe	chrome.exe
PID 628 wrote to memory of 3740	628	chrome.exe	chrome.exe
PID 628 wrote to memory of 3740	628	chrome.exe	chrome.exe
PID 628 wrote to memory of 3740	628	chrome.exe	chrome.exe
PID 628 wrote to memory of 3740	628	chrome.exe	chrome.exe
PID 628 wrote to memory of 3740	628	chrome.exe	chrome.exe
PID 628 wrote to memory of 3740	628	chrome.exe	chrome.exe
PID 628 wrote to memory of 3740	628	chrome.exe	chrome.exe
PID 628 wrote to memory of 3740	628	chrome.exe	chrome.exe
PID 628 wrote to memory of 3740	628	chrome.exe	chrome.exe
PID 628 wrote to memory of 3740	628	chrome.exe	chrome.exe
PID 628 wrote to memory of 3740	628	chrome.exe	chrome.exe
PID 628 wrote to memory of 3740	628	chrome.exe	chrome.exe
PID 628 wrote to memory of 3740	628	chrome.exe	chrome.exe
PID 628 wrote to memory of 3740	628	chrome.exe	chrome.exe
PID 628 wrote to memory of 3740	628	chrome.exe	chrome.exe
PID 628 wrote to memory of 3740	628	chrome.exe	chrome.exe
PID 628 wrote to memory of 3740	628	chrome.exe	chrome.exe
PID 628 wrote to memory of 3740	628	chrome.exe	chrome.exe
PID 628 wrote to memory of 3740	628	chrome.exe	chrome.exe
PID 628 wrote to memory of 3740	628	chrome.exe	chrome.exe
PID 628 wrote to memory of 3740	628	chrome.exe	chrome.exe
PID 628 wrote to memory of 3516	628	chrome.exe	chrome.exe
PID 628 wrote to memory of 3516	628	chrome.exe	chrome.exe
PID 628 wrote to memory of 3596	628	chrome.exe	chrome.exe
PID 628 wrote to memory of 3596	628	chrome.exe	chrome.exe
PID 628 wrote to memory of 3596	628	chrome.exe	chrome.exe
PID 628 wrote to memory of 3596	628	chrome.exe	chrome.exe
PID 628 wrote to memory of 3596	628	chrome.exe	chrome.exe
PID 628 wrote to memory of 3596	628	chrome.exe	chrome.exe
PID 628 wrote to memory of 3596	628	chrome.exe	chrome.exe
PID 628 wrote to memory of 3596	628	chrome.exe	chrome.exe
PID 628 wrote to memory of 3596	628	chrome.exe	chrome.exe
PID 628 wrote to memory of 3596	628	chrome.exe	chrome.exe
PID 628 wrote to memory of 3596	628	chrome.exe	chrome.exe
PID 628 wrote to memory of 3596	628	chrome.exe	chrome.exe
PID 628 wrote to memory of 3596	628	chrome.exe	chrome.exe
PID 628 wrote to memory of 3596	628	chrome.exe	chrome.exe
PID 628 wrote to memory of 3596	628	chrome.exe	chrome.exe
PID 628 wrote to memory of 3596	628	chrome.exe	chrome.exe
PID 628 wrote to memory of 3596	628	chrome.exe	chrome.exe
PID 628 wrote to memory of 3596	628	chrome.exe	chrome.exe
PID 628 wrote to memory of 3596	628	chrome.exe	chrome.exe
PID 628 wrote to memory of 3596	628	chrome.exe	chrome.exe
PID 628 wrote to memory of 3596	628	chrome.exe	chrome.exe
PID 628 wrote to memory of 3596	628	chrome.exe	chrome.exe
PID 628 wrote to memory of 3596	628	chrome.exe	chrome.exe
PID 628 wrote to memory of 3596	628	chrome.exe	chrome.exe
PID 628 wrote to memory of 3596	628	chrome.exe	chrome.exe
PID 628 wrote to memory of 3596	628	chrome.exe	chrome.exe
PID 628 wrote to memory of 3596	628	chrome.exe	chrome.exe
PID 628 wrote to memory of 3596	628	chrome.exe	chrome.exe
PID 628 wrote to memory of 3596	628	chrome.exe	chrome.exe
PID 628 wrote to memory of 3596	628	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://tongzhiz3.cn
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:628

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0x100,0x104,0x108,0xfc,0x10c,0x7fff250fcc40,0x7fff250fcc4c,0x7fff250fcc58
2⤵
PID:2256

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1812,i,14182557440022362520,6730167868508382191,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=1808 /prefetch:2
2⤵
PID:3740

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2044,i,14182557440022362520,6730167868508382191,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=2100 /prefetch:3
2⤵
PID:3516

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2008,i,14182557440022362520,6730167868508382191,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=2368 /prefetch:8
2⤵
PID:3596

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3008,i,14182557440022362520,6730167868508382191,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3024 /prefetch:1
2⤵
PID:4800

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3012,i,14182557440022362520,6730167868508382191,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3156 /prefetch:1
2⤵
PID:5116

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4260,i,14182557440022362520,6730167868508382191,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4784 /prefetch:8
2⤵
PID:1784

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=4988,i,14182557440022362520,6730167868508382191,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5016 /prefetch:8
2⤵
PID:2840

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5008,i,14182557440022362520,6730167868508382191,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5156 /prefetch:8
2⤵
PID:1384

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4420,i,14182557440022362520,6730167868508382191,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=740 /prefetch:8
2⤵
- Drops file in System32 directory
- Suspicious behavior: EnumeratesProcesses
PID:4700

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5156,i,14182557440022362520,6730167868508382191,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4528 /prefetch:8
2⤵
- NTFS ADS
PID:3472

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"
1⤵
PID:2904

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:5032

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1172

C:\Users\Admin\Downloads\稽查事项通知册-终端.exe
"C:\Users\Admin\Downloads\稽查事项通知册-终端.exe"
1⤵
- Executes dropped EXE
PID:2840

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4156

C:\Users\Admin\Downloads\稽查事项通知册-终端.exe
"C:\Users\Admin\Downloads\稽查事项通知册-终端.exe"
1⤵
- Executes dropped EXE
PID:3328

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx
Filesize
64KB

MD5
b5ad5caaaee00cb8cf445427975ae66c

SHA1
dcde6527290a326e048f9c3a85280d3fa71e1e22

SHA256
b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8

SHA512
92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock
Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val
Filesize
1008B

MD5
d222b77a61527f2c177b0869e7babc24

SHA1
3f23acb984307a4aeba41ebbb70439c97ad1f268

SHA256
80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747

SHA512
d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState
Filesize
649B

MD5
b8444dceb3fe7f56d3a5a03cd44cb9be

SHA1
776e0a42c2b14bf630a69524ca62b9e2bd3444e6

SHA256
51bc4a1dfd5923be081fe836bcdce1dbed89778b699ed4a3ac15ccb16de7c7a1

SHA512
bd19d0239747a09588b4d46263a29f27197ba11bd80474a84dcc2bb965c40ef8ea6ee646859965d259c88b4f285a91bbeca81027e7657c3aad67d9addba39804

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
144B

MD5
e3e90e8227203513fb813ac093ac9412

SHA1
c3517be37e469f95fd52e16857630c0e9e76ccbc

SHA256
3a4d4f2a722193c4ab5556cc3c6927736d4caa6ddc0838779cc7f826b26004d1

SHA512
be3ab617c08bb5976346eddc8d30c06775dc21c2517cc9c25d4dd03542ec3a9d40b8489f20ec0063a6a00db044d83b743f6362958a36c13f8ab4149d0c37b2a5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
1KB

MD5
353981d661dc314494dcdf76a2f7c7e1

SHA1
866352c6abf67f8cf8f0a23d7b1c5bae59d2a87a

SHA256
62042361b5f08fea5d7ca2b31f6664358f9a5009994e565bafc509cfa1144105

SHA512
b9487453d8cdc9d2a59987aebc443ca9686d76947d4d5b85b7b27e9f8da90630e81402511c5052524fbff2b08e9a6a9bf873250e8ddf2a7a975c6943fd32764e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
1KB

MD5
4ef37da01a26ce070e678ff8054becee

SHA1
618e80f4dcc8fdc0f25e5f28254d83237395b6e8

SHA256
b8e2b418166da9fac5de1c286d19a3c34272c63dfa24904976c01f901c64bfb3

SHA512
0cea9d18b1966787fcd840f611c0ecf3ae9ae21d070ab728283c00a631ec2ef90e558f0f2a102d9a1ba6d431823861edcd454f61554114947f549abc15696319

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
10KB

MD5
2fc517ecd3e509b3bdc52fe89f7b08b0

SHA1
459ec40c758a9ae4f24ff2bb7675b30c6c24728f

SHA256
7836363bebd5bb92997150369076526f8cf309d623679b31dd10daf413180c84

SHA512
76eb758053009dd7f49c6cf74a142606f2610fef5980b3310f841112e2e5ba09a6839ccedde028b76b1004067f822542429380d0cf003a389401fd41eb2870e7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
9KB

MD5
5abc0e08674a4c20b36dfff52a62646f

SHA1
2d1dafa4fec24dec22e94bbee568f5dc9f6d4336

SHA256
f120f26f59e7bc60259fa2e6b857ef3598dbb6067f65f48ab209f7c6134d81fd

SHA512
17510aa20d89409cfa8f8f0a2a31e4fb9ba58e825700cca9b49395f433fbaf0e45ce2d3e73021be3572fae82643364360ce7c20870f7e316bc8a1ac63c2ed0e3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
9KB

MD5
3f1b9c99212dcb6d887dc338c0e1ffc8

SHA1
01d53b63e33c6ee88e754ff01ef3e2f26f18f875

SHA256
d7c9bd1a7dedb17f6fe9635598253744ea566f8a9ea28e315a4cb4af27aa50bb

SHA512
676484017ebcdbc39b33694254c41be46c7b8c5dc03a02c845006bf425ebdecdd5e32d939c1786a96b3ef2f4fd641eeb4c5a455c047538858df92dee9206cadf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
9KB

MD5
bc73d5e8e02fc556ae506df83c4f792b

SHA1
084e4a9b26b06b062725ff63113e0187e637e423

SHA256
786c56244a6363f5d8ddbd81aaed14b003bf56456135b37b59bced38b98f0647

SHA512
5a468e1d7189a207a0bff202270d570e56566d8b951e859d64bdc67b59004b0b2195ac4db6ac45ba83dd159ff3e5c7ce81932d8e9684a88b309362f0e3f90b63

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
9KB

MD5
3f19750fd0350fe197dac74e4d42b8d8

SHA1
55ba8f757b676566ad4c9f5ff03123649a49397e

SHA256
785c923b1f61fdcdf0978c64d6d0a3542c2fea005a37bf4746ddf6e3fe6f92c8

SHA512
d4ab2088592f180df10c3f8569fc29b8026254fde1b21a101c6026c6d46c2037c360efc070515f9582a27da3f9f6018ab5b30d9611774dc0756d56c2ff2cec9f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
9KB

MD5
6b097b0a47ce8b332834dd8437125622

SHA1
eaf69bfa30dba7531f9b0f92631e91cde5568ac9

SHA256
74dedea352d8b665df7d3d8b8af00fb749dcd56668afde7495bf9da1fdb453d2

SHA512
baeb7b2fd556690b3815e37f5d639c34c100cf216ad6240edb5310210ec3d08a696f045d046993f828358ee9dba141120f0b321d143560d2fa5f5f670a7ccf80

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
9KB

MD5
68c0731d981589c626cd57aaafb3aac8

SHA1
b89af2e3f359270552fea6f862502b06b3b32f06

SHA256
dc0981dfd2bfb763148394f1fd2ea186dc161cc6efd525ee63049eb304ec944c

SHA512
6a7fad4b86d4b7800e9ea0511ba1b43469bef7290f9dc57c2ecf89ef9124a19cad7d9f6db9dc1319f3373251d0581f20b965141423a6bc37c18df6b8797cdf8e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
9KB

MD5
302599eb6d0dcc3ed2d1cd241aad6b38

SHA1
1581fa02e1e8f89e9afd574178d49b5c8986c432

SHA256
9783dafa8887cbd1b58a693fa098599638c082902b0c13a0ee4c94a6df8d8781

SHA512
561b27d0720f0ee21ed7b8b47a49a6f7af8713f7e6139454739461f7017748ce037e094563209ac5c000e8029d51d6a45fadbe369716371eadbd5198d361753e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
9KB

MD5
6fa5ba466904b834894a4d648467f748

SHA1
4d20bdac04aa8468daef14a98cf39c0439f683ff

SHA256
a577688d6e7db403d58005ba34a938188a9a96da165c098f8c3cbb7354a32bd1

SHA512
d0f59a8ea24264d9e171ec307c84122b7141e87730efa13ea6d93bcb39ecaf4f40a0dbe1be0c47153abbf909172bf8dfb6d4701c47a736cc23f7a77c8e928d1e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
9KB

MD5
edca42a36a241b7043f94dbe0d77aae7

SHA1
0c997676adc9094efe937456b57995b92bcef94e

SHA256
7a1ce95487db9347e17a34113baace2e930a23ea790144e981980ac84eac9e57

SHA512
26c6afba7ad56d04d369d10fe5cba0c45313b12210ddf699b91d90e54d8269a8e543bdd74f7484981f15b66f51825c2194f45bb6be96afab6b4dae4a8cda8e1c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
9KB

MD5
54e133d81ff6891a9fbb37c67ec4ec18

SHA1
cb1f7440c233811e3996791c6a8c96ed368bfd37

SHA256
b27b3660025fdc1a7c76783d9569859e526e521b9d317e6c25ed0a99d2b8cd27

SHA512
7253f3d79ccb8f4533f2ab14d4133fe2d6d3946b16d573420f7cb56b410cbd8ade1a02c4322b8fd526b1e0c3672989fed63e61c8f3ad2f9fa285778e9aa9f8b4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
9KB

MD5
f0d7dc02b54a94f5fbce5052fc5fb8e6

SHA1
2baa75f15927132bdd068a76016bff2fd5ffe04d

SHA256
8f822998b041202f3aee36329f1a1818ffe92c38d75271e3e5adf7ee9bd5236c

SHA512
ad7ee32cfd656599b9fb3b42e6e8457e8293e1a62dd822fcb31a9a47e049dc07a51b23a95b56c5e3c5be4826c277ae7f60f2e11804e173172a1a9f0588ee9146

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
9KB

MD5
84084c2838263fc7243ce3e94e713f4a

SHA1
f15875c79911e0cb1f7d364fdc866a749c9ba340

SHA256
4ccaa96f03e6ddb1c3053dac0c091d1e5d5c4427b59ac568ee9b47877603d181

SHA512
b9d17e6d357b5b58f223d64ab92adde400d73e433e4961639e1a2ce7fd5432a87ceb6222352d7196aae422517978cd3ccc47a686ff2241b1b0ba196ae58db9a2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\b356e065-3163-44b6-946f-0d3d6eafa8a7.tmp
Filesize
9KB

MD5
f36d9f070fde0c3bb4e2a266c1dda8fb

SHA1
5bb0448259ceef4efe8ec04115d6a63841c641ad

SHA256
d3e56c4b0cfa0ac77722468799cd7c636844c0e40cf5d86b49235269ea70fde8

SHA512
4735e9fb570cb63d76dcee604eac723755e8beb07c3f09d060220d2bb029b6d1e3c604d380a0b9e89c0dc413fe9a6a8777af9531a115773c9ec4c0ed4610dda2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
77KB

MD5
4f08179aa2f7ef16e91dfd5de8a8c921

SHA1
7d73eac9179bb3926daad8c8de5eabdcc1df70fe

SHA256
46036bf7f001deec6a902d3c34fedd0caee8d60ac5c1e3d9d9f729ab6785cdc9

SHA512
f1744cf17431fa7534de590d0c4a9c392e885e55947be5c38f9e5dc54e95942c494e353b9739e929da05afe0bb4efe2d321615bbb4f8369ba59c284b26b480a2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
77KB

MD5
9459188f713b18ffd943d5392f9cd80b

SHA1
122e46fae3e9dbaa586abe7b964fcfe078eae956

SHA256
70584ee58f9e3e62d25dc7e4cb8f4072c194b3be366b32ffcf8d7a720725ccfa

SHA512
2ad2e5809a23c1dd9fe17bcabe30dfe1831dc63ee6d452139796b58d115a9281baff926b5cefb73ed97d324e18e260cff101c84ac2bd281330ec7c81368f8b3b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
77KB

MD5
d19c4be2d5859c835f0f5009e7ac8035

SHA1
38426383e37be9e2fbf19724383216441fbf91d6

SHA256
ea42f6159da7cfa353397714744550c6ba04c53ebf95d052c365273ca66c982a

SHA512
2d00bcec06492c8e1b69f4972c147ab41444b3e1f6ee651657a2369a45a0f6ee62e41087f62cb9d38da5bffe59de9af22415ee3b3b36d4ab6e06ca8a75a44480

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1
Filesize
264KB

MD5
4bfdc451e9a5004aa8805a5ca43639e2

SHA1
88f71fe22863dcb3f67b9e34c5b01eca7b0c435f

SHA256
ac3843b9165439a1612a412c9a85d242fce30721c456a96a5820b8f0fff07736

SHA512
d418e450f54817b02a93c3774a0b741a6f1b5699114fc2533df2a66e3f68b6e12748bb371f56123db1e204bcc92e3f9524e6560fab32a3d4d9678f65da872030

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat
Filesize
10KB

MD5
18951ad4190ed728ba23e932e0c6e0db

SHA1
fa2d16fcbc3defd07cb8f21d8ea4793a21f261f0

SHA256
66607b009c345a8e70fc1e58ab8a13bbea0e370c8d75f16d2cce5b876a748915

SHA512
a67237089efa8615747bdc6cfe0afc977dc54cfd624a8d2e5124a441c204f1ec58ee7cfbbc105ddc2c18d4f254b9e124d71630bcdba0253d41a96890104f2fff

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 819084.crdownload
Filesize
25.4MB

MD5
6bd7b1da6cecdda481d35391eb2ba24f

SHA1
fd46f546cbc703e2eb18c034a65b8d6d4513dfde

SHA256
597c2571ca9db64c4086a2e7d05fe3cb833a622b297b252c295c37e7a69a1168

SHA512
fed66213ca5804e9178b454b0912cc97e93c4a0068d904f05d9e31d06f13f5f1ca92f09709bf705a8207d0d32ee91f766279cb7c296e6f2585b328a34ed58a0f

Download Submit
C:\Users\Admin\Downloads\稽查事项通知册-终端.exe:Zone.Identifier
Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit
\??\pipe\crashpad_628_BXYITWRHCHVHBOUX
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit

pid	process
628	chrome.exe
628	chrome.exe
4700	chrome.exe
4700	chrome.exe
4700	chrome.exe
4700	chrome.exe