hxxps://aguasazuis[.]com[.]br

Resubmissions

14-06-2024 21:18

240614-z546kszfmj 1

14-06-2024 21:17

14-06-2024 21:00

14-06-2024 20:28

14-06-2024 20:08

14-06-2024 20:03

Analysis

max time kernel
149s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
14-06-2024 21:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://aguasazuis.com.br

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133628724368474208"	chrome.exe

Modifies registry class 34 IoCs

description	ioc	Process
Set value (data)	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 00000000ffffffff	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell	chrome.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:FMTID = "{B725F130-47EF-101A-A5F1-02608C9EEBAC}"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\KnownFolderDerivedFolderType = "{885A186E-A440-4ADA-812B-DB871B942259}"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0e00000001000000	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupView = "4294967295"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\NodeSlot = "1"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\MRUListEx = ffffffff	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Downloads"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByDirection = "1"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 = 14001f50e04fd020ea3a6910a2d808002b30309d0000	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Mode = "4"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1092616257"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:PID = "14"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\IconSize = "16"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\LogicalViewMode = "1"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 = 14002e8005398e082303024b98265d99428e115f0000	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4052	chrome.exe
4052	chrome.exe
2424	chrome.exe
2424	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
4052	chrome.exe
4052	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4052	chrome.exe
Token: SeCreatePagefilePrivilege	4052	chrome.exe
Token: SeShutdownPrivilege	4052	chrome.exe
Token: SeCreatePagefilePrivilege	4052	chrome.exe
Token: SeShutdownPrivilege	4052	chrome.exe
Token: SeCreatePagefilePrivilege	4052	chrome.exe
Token: SeShutdownPrivilege	4052	chrome.exe
Token: SeCreatePagefilePrivilege	4052	chrome.exe
Token: SeShutdownPrivilege	4052	chrome.exe
Token: SeCreatePagefilePrivilege	4052	chrome.exe
Token: SeShutdownPrivilege	4052	chrome.exe
Token: SeCreatePagefilePrivilege	4052	chrome.exe
Token: SeShutdownPrivilege	4052	chrome.exe
Token: SeCreatePagefilePrivilege	4052	chrome.exe
Token: SeShutdownPrivilege	4052	chrome.exe
Token: SeCreatePagefilePrivilege	4052	chrome.exe
Token: SeShutdownPrivilege	4052	chrome.exe
Token: SeCreatePagefilePrivilege	4052	chrome.exe
Token: SeShutdownPrivilege	4052	chrome.exe
Token: SeCreatePagefilePrivilege	4052	chrome.exe
Token: SeShutdownPrivilege	4052	chrome.exe
Token: SeCreatePagefilePrivilege	4052	chrome.exe
Token: SeShutdownPrivilege	4052	chrome.exe
Token: SeCreatePagefilePrivilege	4052	chrome.exe
Token: SeShutdownPrivilege	4052	chrome.exe
Token: SeCreatePagefilePrivilege	4052	chrome.exe
Token: SeShutdownPrivilege	4052	chrome.exe
Token: SeCreatePagefilePrivilege	4052	chrome.exe
Token: SeShutdownPrivilege	4052	chrome.exe
Token: SeCreatePagefilePrivilege	4052	chrome.exe
Token: SeShutdownPrivilege	4052	chrome.exe
Token: SeCreatePagefilePrivilege	4052	chrome.exe
Token: SeShutdownPrivilege	4052	chrome.exe
Token: SeCreatePagefilePrivilege	4052	chrome.exe
Token: SeShutdownPrivilege	4052	chrome.exe
Token: SeCreatePagefilePrivilege	4052	chrome.exe
Token: SeShutdownPrivilege	4052	chrome.exe
Token: SeCreatePagefilePrivilege	4052	chrome.exe
Token: SeShutdownPrivilege	4052	chrome.exe
Token: SeCreatePagefilePrivilege	4052	chrome.exe
Token: SeShutdownPrivilege	4052	chrome.exe
Token: SeCreatePagefilePrivilege	4052	chrome.exe
Token: SeShutdownPrivilege	4052	chrome.exe
Token: SeCreatePagefilePrivilege	4052	chrome.exe
Token: SeShutdownPrivilege	4052	chrome.exe
Token: SeCreatePagefilePrivilege	4052	chrome.exe
Token: SeShutdownPrivilege	4052	chrome.exe
Token: SeCreatePagefilePrivilege	4052	chrome.exe
Token: SeShutdownPrivilege	4052	chrome.exe
Token: SeCreatePagefilePrivilege	4052	chrome.exe
Token: SeShutdownPrivilege	4052	chrome.exe
Token: SeCreatePagefilePrivilege	4052	chrome.exe
Token: SeShutdownPrivilege	4052	chrome.exe
Token: SeCreatePagefilePrivilege	4052	chrome.exe
Token: SeShutdownPrivilege	4052	chrome.exe
Token: SeCreatePagefilePrivilege	4052	chrome.exe
Token: SeShutdownPrivilege	4052	chrome.exe
Token: SeCreatePagefilePrivilege	4052	chrome.exe
Token: SeShutdownPrivilege	4052	chrome.exe
Token: SeCreatePagefilePrivilege	4052	chrome.exe
Token: SeShutdownPrivilege	4052	chrome.exe
Token: SeCreatePagefilePrivilege	4052	chrome.exe
Token: SeShutdownPrivilege	4052	chrome.exe
Token: SeCreatePagefilePrivilege	4052	chrome.exe

Suspicious use of FindShellTrayWindow 61 IoCs

pid	Process
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3076	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4052 wrote to memory of 2404	4052	chrome.exe	84
PID 4052 wrote to memory of 2404	4052	chrome.exe	84
PID 4052 wrote to memory of 4504	4052	chrome.exe	86
PID 4052 wrote to memory of 4504	4052	chrome.exe	86
PID 4052 wrote to memory of 4504	4052	chrome.exe	86
PID 4052 wrote to memory of 4504	4052	chrome.exe	86
PID 4052 wrote to memory of 4504	4052	chrome.exe	86
PID 4052 wrote to memory of 4504	4052	chrome.exe	86
PID 4052 wrote to memory of 4504	4052	chrome.exe	86
PID 4052 wrote to memory of 4504	4052	chrome.exe	86
PID 4052 wrote to memory of 4504	4052	chrome.exe	86
PID 4052 wrote to memory of 4504	4052	chrome.exe	86
PID 4052 wrote to memory of 4504	4052	chrome.exe	86
PID 4052 wrote to memory of 4504	4052	chrome.exe	86
PID 4052 wrote to memory of 4504	4052	chrome.exe	86
PID 4052 wrote to memory of 4504	4052	chrome.exe	86
PID 4052 wrote to memory of 4504	4052	chrome.exe	86
PID 4052 wrote to memory of 4504	4052	chrome.exe	86
PID 4052 wrote to memory of 4504	4052	chrome.exe	86
PID 4052 wrote to memory of 4504	4052	chrome.exe	86
PID 4052 wrote to memory of 4504	4052	chrome.exe	86
PID 4052 wrote to memory of 4504	4052	chrome.exe	86
PID 4052 wrote to memory of 4504	4052	chrome.exe	86
PID 4052 wrote to memory of 4504	4052	chrome.exe	86
PID 4052 wrote to memory of 4504	4052	chrome.exe	86
PID 4052 wrote to memory of 4504	4052	chrome.exe	86
PID 4052 wrote to memory of 4504	4052	chrome.exe	86
PID 4052 wrote to memory of 4504	4052	chrome.exe	86
PID 4052 wrote to memory of 4504	4052	chrome.exe	86
PID 4052 wrote to memory of 4504	4052	chrome.exe	86
PID 4052 wrote to memory of 4504	4052	chrome.exe	86
PID 4052 wrote to memory of 4504	4052	chrome.exe	86
PID 4052 wrote to memory of 4504	4052	chrome.exe	86
PID 4052 wrote to memory of 764	4052	chrome.exe	87
PID 4052 wrote to memory of 764	4052	chrome.exe	87
PID 4052 wrote to memory of 924	4052	chrome.exe	88
PID 4052 wrote to memory of 924	4052	chrome.exe	88
PID 4052 wrote to memory of 924	4052	chrome.exe	88
PID 4052 wrote to memory of 924	4052	chrome.exe	88
PID 4052 wrote to memory of 924	4052	chrome.exe	88
PID 4052 wrote to memory of 924	4052	chrome.exe	88
PID 4052 wrote to memory of 924	4052	chrome.exe	88
PID 4052 wrote to memory of 924	4052	chrome.exe	88
PID 4052 wrote to memory of 924	4052	chrome.exe	88
PID 4052 wrote to memory of 924	4052	chrome.exe	88
PID 4052 wrote to memory of 924	4052	chrome.exe	88
PID 4052 wrote to memory of 924	4052	chrome.exe	88
PID 4052 wrote to memory of 924	4052	chrome.exe	88
PID 4052 wrote to memory of 924	4052	chrome.exe	88
PID 4052 wrote to memory of 924	4052	chrome.exe	88
PID 4052 wrote to memory of 924	4052	chrome.exe	88
PID 4052 wrote to memory of 924	4052	chrome.exe	88
PID 4052 wrote to memory of 924	4052	chrome.exe	88
PID 4052 wrote to memory of 924	4052	chrome.exe	88
PID 4052 wrote to memory of 924	4052	chrome.exe	88
PID 4052 wrote to memory of 924	4052	chrome.exe	88
PID 4052 wrote to memory of 924	4052	chrome.exe	88
PID 4052 wrote to memory of 924	4052	chrome.exe	88
PID 4052 wrote to memory of 924	4052	chrome.exe	88
PID 4052 wrote to memory of 924	4052	chrome.exe	88
PID 4052 wrote to memory of 924	4052	chrome.exe	88
PID 4052 wrote to memory of 924	4052	chrome.exe	88
PID 4052 wrote to memory of 924	4052	chrome.exe	88
PID 4052 wrote to memory of 924	4052	chrome.exe	88

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://aguasazuis.com.br
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xdc,0xe0,0xe4,0xd8,0x108,0x7ffb0275ab58,0x7ffb0275ab68,0x7ffb0275ab78
  2⤵
  PID:2404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1608 --field-trial-handle=1820,i,5955052082258623328,12239484602586778280,131072 /prefetch:2
  2⤵
  PID:4504
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 --field-trial-handle=1820,i,5955052082258623328,12239484602586778280,131072 /prefetch:8
  2⤵
  PID:764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2208 --field-trial-handle=1820,i,5955052082258623328,12239484602586778280,131072 /prefetch:8
  2⤵
  PID:924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3012 --field-trial-handle=1820,i,5955052082258623328,12239484602586778280,131072 /prefetch:1
  2⤵
  PID:4920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3020 --field-trial-handle=1820,i,5955052082258623328,12239484602586778280,131072 /prefetch:1
  2⤵
  PID:3764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4300 --field-trial-handle=1820,i,5955052082258623328,12239484602586778280,131072 /prefetch:8
  2⤵
  PID:640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4824 --field-trial-handle=1820,i,5955052082258623328,12239484602586778280,131072 /prefetch:8
  2⤵
  PID:4320
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4644 --field-trial-handle=1820,i,5955052082258623328,12239484602586778280,131072 /prefetch:8
  2⤵
  PID:1248
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4576 --field-trial-handle=1820,i,5955052082258623328,12239484602586778280,131072 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx
  PID:3076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1660 --field-trial-handle=1820,i,5955052082258623328,12239484602586778280,131072 /prefetch:8
  2⤵
  PID:4064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4544 --field-trial-handle=1820,i,5955052082258623328,12239484602586778280,131072 /prefetch:8
  2⤵
  PID:768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4512 --field-trial-handle=1820,i,5955052082258623328,12239484602586778280,131072 /prefetch:8
  2⤵
  PID:3200
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4904 --field-trial-handle=1820,i,5955052082258623328,12239484602586778280,131072 /prefetch:8
  2⤵
  PID:1648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4516 --field-trial-handle=1820,i,5955052082258623328,12239484602586778280,131072 /prefetch:8
  2⤵
  PID:1428
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4928 --field-trial-handle=1820,i,5955052082258623328,12239484602586778280,131072 /prefetch:8
  2⤵
  PID:1960
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1712 --field-trial-handle=1820,i,5955052082258623328,12239484602586778280,131072 /prefetch:8
  2⤵
  PID:3712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1868 --field-trial-handle=1820,i,5955052082258623328,12239484602586778280,131072 /prefetch:8
  2⤵
  PID:2688
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4928 --field-trial-handle=1820,i,5955052082258623328,12239484602586778280,131072 /prefetch:8
  2⤵
  PID:4360
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4540 --field-trial-handle=1820,i,5955052082258623328,12239484602586778280,131072 /prefetch:8
  2⤵
  PID:3624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4824 --field-trial-handle=1820,i,5955052082258623328,12239484602586778280,131072 /prefetch:8
  2⤵
  PID:368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4476 --field-trial-handle=1820,i,5955052082258623328,12239484602586778280,131072 /prefetch:8
  2⤵
  PID:3196
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4452 --field-trial-handle=1820,i,5955052082258623328,12239484602586778280,131072 /prefetch:8
  2⤵
  PID:2308
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4476 --field-trial-handle=1820,i,5955052082258623328,12239484602586778280,131072 /prefetch:8
  2⤵
  PID:1580
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4900 --field-trial-handle=1820,i,5955052082258623328,12239484602586778280,131072 /prefetch:8
  2⤵
  PID:680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4836 --field-trial-handle=1820,i,5955052082258623328,12239484602586778280,131072 /prefetch:8
  2⤵
  PID:3648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4980 --field-trial-handle=1820,i,5955052082258623328,12239484602586778280,131072 /prefetch:8
  2⤵
  PID:1764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1660 --field-trial-handle=1820,i,5955052082258623328,12239484602586778280,131072 /prefetch:8
  2⤵
  PID:4872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4992 --field-trial-handle=1820,i,5955052082258623328,12239484602586778280,131072 /prefetch:8
  2⤵
  PID:4828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4488 --field-trial-handle=1820,i,5955052082258623328,12239484602586778280,131072 /prefetch:8
  2⤵
  PID:4964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4952 --field-trial-handle=1820,i,5955052082258623328,12239484602586778280,131072 /prefetch:8
  2⤵
  PID:3948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4972 --field-trial-handle=1820,i,5955052082258623328,12239484602586778280,131072 /prefetch:8
  2⤵
  PID:2764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4968 --field-trial-handle=1820,i,5955052082258623328,12239484602586778280,131072 /prefetch:8
  2⤵
  PID:1588
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4944 --field-trial-handle=1820,i,5955052082258623328,12239484602586778280,131072 /prefetch:8
  2⤵
  PID:5104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4968 --field-trial-handle=1820,i,5955052082258623328,12239484602586778280,131072 /prefetch:8
  2⤵
  PID:4628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4520 --field-trial-handle=1820,i,5955052082258623328,12239484602586778280,131072 /prefetch:8
  2⤵
  PID:5016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4948 --field-trial-handle=1820,i,5955052082258623328,12239484602586778280,131072 /prefetch:8
  2⤵
  PID:3644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4940 --field-trial-handle=1820,i,5955052082258623328,12239484602586778280,131072 /prefetch:8
  2⤵
  PID:2516
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4476 --field-trial-handle=1820,i,5955052082258623328,12239484602586778280,131072 /prefetch:8
  2⤵
  PID:4344
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4944 --field-trial-handle=1820,i,5955052082258623328,12239484602586778280,131072 /prefetch:8
  2⤵
  PID:2960
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4972 --field-trial-handle=1820,i,5955052082258623328,12239484602586778280,131072 /prefetch:8
  2⤵
  PID:4592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4900 --field-trial-handle=1820,i,5955052082258623328,12239484602586778280,131072 /prefetch:8
  2⤵
  PID:4620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4544 --field-trial-handle=1820,i,5955052082258623328,12239484602586778280,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2424

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:4256

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x444 0x4a4
1⤵
PID:2708

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\0edc34c1-efa0-4c62-b501-133284754737.tmp

Filesize
7KB

MD5
fae31090b715f5f81fa48dc5623d3612

SHA1
e6dc12c5f1ef6a989d1da615cdb4f8ecd8dc3216

SHA256
228bbeca7ae8785e4211ba23509bd382510d9d6937615c461ecc5f212b89389a

SHA512
684c3521a8f5cfbee8a0b669f91207a00ed7acc43fc50d3272a6c292202f4c32986f6997c33157ee103fd43cf41673ae94c535e0f63291a2bc02a613cc95733a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
4703155f3a4028f159d6524251aff045

SHA1
58725f8207d55dbda072c5ac25e6ba9c873f107e

SHA256
c3e7a771e90128df684184b2593cbd027b59567f903a156e634f8027879577bb

SHA512
92a78fc7699bf6edc6b30179fd5b9bf1fca2121d951eb9b67a80f387820c13e15e1691929bada440eac60d889a14e43dc5aee85751758e8b3b2514dd1aa96d6d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
24f3080c230b65139d9dc89b14b3f313

SHA1
44b5d67c13733e871c541b8d130bf2d8ae0d2158

SHA256
ca7a0b1cd3601c4c0df86ef991084e053cb5b15130e012eb1884fcb8c0619bc8

SHA512
2e10e51a1dfb910e115841727b73808aa660eb2c2f7d35679d6efb1f45a2256778ff137a49e8832bd51aabc706498322ef6b0badff20c8a79465b340b072b26c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
0f103a99e6dfe62e2e7baeb97a5cced7

SHA1
ec09154e5f02dc05d5386d2b19a8418e6be1e819

SHA256
84f410ffc096a31677cf03eb0ccd485ab7a7fdc1988c86d65246133e95c9bcfe

SHA512
1e5d6d07bc60b85f5f98d924706a7ae8c8d6ab5f37403606c6e49b0003c4cfde29bfe45ad08b5aab2b370ca718db4fd9bf0f267a9d4692e06bd9fc55b2530ed2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
691B

MD5
1202b9b36bd3b05ad3f974b25f1316e6

SHA1
2f54945f641850cce85c0ab3cfef82c8bfe7b898

SHA256
4516ef2a387555203ccbe11023bfbb028802347832f3f0a3f862a97eb629bfef

SHA512
312d80a0a4b1e0a3113b95bf5d0fb2fe9744981df30fe8f4b8170a2b7e9914def579d83cf6f9d62d7bdc560585f15f6e66ac989d2b761d93377595f28699ce5e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
dc0f379192b6481977da12522b86f303

SHA1
00af8509225e3091a94bd1de98dc7464ccad7c85

SHA256
a34f45dda65b95d13a807b091df1b9757fe63062a109557a7aaa9cab5102a290

SHA512
dca9122bcc2c898e1108544ac812b28b2ec82661e0b1b898e352b310a49748b058c16b05ea13c1421c971167d77f98ac439efb60b0dbc0fd92da26bf1f9a2e9d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
9ac1034952db2d73aec4c50df884fff1

SHA1
3ada9626ca965f9c110582bbe2c18c4cafb4d16f

SHA256
33d377285cb853536113bb1db23c872bf5e3a9217cff24fdcfc0b18d3c8a3343

SHA512
cab39fbb7b55b636417b0276a4bda4a85d0d11973aeb6cc6a749f0c40fabe7c7b4ed23d5203b3fe5b1fa7b866da2d7d6d80e0373763969fc7be4702bc465c53b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
c1286c3fc78aa46d009939f6b36abcba

SHA1
cac8c7e4d18a015756e8178429e680f049b6db42

SHA256
dacaeff489c8263538c16deb7418a59e95de4e3039d38a0fd5759caef5505adc

SHA512
592199177cae5c9d073d2a4cd3998b4710435e34e032893402600fd32c95009d6bce9b941fe9a9de30d86bb95561bd414a309eceeed857adb14c7ad9b5b7d748

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
46a70c8ccc66b6ddfae1efde384c0992

SHA1
bafa3b2ed19f7902b9383e47e946fe4d9ce74cc4

SHA256
2c67f44a8140def9cad4d471ce803c12408842a6c7f30eea7a6f6c8750f42322

SHA512
7ef2dc3bdef98c4b470813dad11e0f5b824c34c927329c9f3a5384bd3c0ae0c5f46fce0fc41bf1f4f4c355a3ec4083adc2f92ee5768d3083e0f25e851ba4f2d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
138KB

MD5
5c1b5dbf3950f07f4895b9f71ef84f40

SHA1
d661d33034d2c146c57a8fa98500104e600719d0

SHA256
4257fac4a2b0015f0dc4edb4769d86f49ed56070799a62c58fc565fbfc3ff288

SHA512
32119ba50f43cf56804f1a586e39dee81dfeb0ab1cf4076639d2c4a8656fa6f6f42be66e21eefceaaf7800a2d604a48cb842e308c4cab08046c1a66d72344666

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
94KB

MD5
054f26ba59e87b6f51da0f23d6f017d8

SHA1
6dd88320b7b263d396bd7829b045069b432e7479

SHA256
9b479dddeb6f1fd245fd225aaf4eb6a851d30d7a580014daafddfe2bef703cbe

SHA512
29c56a110c801b255c3e71a05c8734665aadfa4ec09c531ddd4917ca89df1c1f9fc7acc74e8a1dcad621b1f2964732f8c8795c648439f9e8c0cb21ceb5c04ed2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe586481.TMP

Filesize
88KB

MD5
35d69b08eb788fdd9443c9a05496e55a

SHA1
ecbc02401c77a1f0419fae16359b87b4d833dc4f

SHA256
fd7377876edbf112fd63ebdc947c1d404ead8375e09b2daeb8ac80ce146ba4eb

SHA512
2302dc20f39a716488b62a2210a6f5652f80bdd00dec702796def2cd285b1b85e25ff6d0a1bf09d3ea24676e6ed72b031457cd76b1b3e2f47d56206861c39145

Download Submit
C:\Users\Admin\AppData\Local\Temp\2476b060-a482-4e2e-9ff9-8b629615643d.tmp

Filesize
122KB

MD5
bb9a99b47ec21e819de09c0b94b07f23

SHA1
5602d568ae808545f8015079a030fb101bada808

SHA256
e6826b38a8b4f551c15540ece2ef5da530f4ea0e394309d1ed2784d6afd5d946

SHA512
87655224d1b451bfb51e0bd1d2d601843e2b175a9556ba58f81d8609ac853d4ecb4b97b472c000cc37529ae5e834557ab8263fa4c929e08077154e3bc570e563

Download Submit
C:\Users\Admin\AppData\Local\Temp\3a88dba9-d441-452b-8f74-ef06869af844.tmp

Filesize
483KB

MD5
3c9b2cf3eae23d7f8f2b5d6806a5d066

SHA1
38cf5e7794f6262b476605cc7d895d42d80a1801

SHA256
ad730c8ee3a04799c9dd9da5a0c6c5b0e0a3f12b60e9eb46ceab99df23c83a63

SHA512
49e9f1f66f8a101a0898f7e04a69807462a3f0f405b0d5f295bb0b854009c7e8c48b0bb81e3366fc498efe346c81cce4cc656c978371039f8334bbafd549c542

Download Submit
C:\Users\Admin\AppData\Local\Temp\41561d24-ad4a-448e-a7f3-4c3e68f27ac7.tmp

Filesize
62KB

MD5
11b95954c13599b33ad3bf7839bbd610

SHA1
ca259e8991818667407a1940c3684f30703a4957

SHA256
2c74e3618465fee4b776690c131a2d99471fa44d2c55982374a6f0d4f3176deb

SHA512
fd3fefb5990f9772686dcdddb2df92476acd7cb04ab359b71b4e73b93084bcadbab44785c5788d3f6598873f849ebcf3f639044f6b320eed7fa9d15f3b6501cf

Download Submit
C:\Users\Admin\AppData\Local\Temp\7ddcff57-62cf-4fbe-9fd3-da9fe0fe3e51.tmp

Filesize
479KB

MD5
5bd8877569d02b61f83809e4560e0c39

SHA1
8bddfbb7c4dd4da4e5c14e4a221a59e97b583799

SHA256
819f30f79a0c02999cfc8280a4b8c82ffb91daf3d9b86ac7050cc5bce50f1d1a

SHA512
c8578d102056bcade99cf6d3cc4cec435aae5a73f8205555ff6ba528b12f769e7618b11c9eae28a89f067fe5678c98e5747e9e9e7b6a780f3ee23f44638de40f

Download Submit
C:\Users\Admin\AppData\Local\Temp\cd1817b8-1144-4581-a4de-66e6d3c7a74e.tmp

Filesize
49KB

MD5
265068bdfa91e46fb27437009fc15f9c

SHA1
8e78b062307aeca9b842e0c998021f45924be560

SHA256
5c029d9246d55ff45a94855d5a93043ec9204f814399a8c71c4e76f26964693a

SHA512
985eefed60571ab7ddeb42ca65e80b080d2a53a246ea74d80c58af8ee4c6a0294491630d553b14a6c534a5733797c6bdfd1e7edd13d80bd5cf43ee550617fe35

Download Submit
C:\Users\Admin\Downloads\Início - Águas Azuis_files\saved_resource.html

Filesize
47KB

MD5
9adc970d0ff55ef9ab34612ad403df7b

SHA1
05c31ff0cdc07eae0727de7885a4b5d5048cd5a1

SHA256
4c1ff424aa52d9eb8f1dcdc41f79aacc2eea3434e5a41caede3c072755880f87

SHA512
f6ab00235941fa8449436486490b434077f33b609cabf5cd1145048a7339fdba0b16c681894aba3b1910d61865cda1d06bfa4438f570bdee5dda679077ca6ca2

Download Submit