hxxps://anonymfile[.]com/f/21e4a0ac-4c24-4ad5-aaba-bb5babdc9dd1

Resubmissions

16/01/2025, 22:03

250116-1ykzsssjgk 10

16/01/2025, 21:57

250116-1tzmds1raj 4

Analysis

max time kernel
299s
max time network
290s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
16/01/2025, 21:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://anonymfile.com/f/21e4a0ac-4c24-4ad5-aaba-bb5babdc9dd1

Score

4^/10

discovery

Malware Config

Signatures

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133815382487486922"	chrome.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (data)	\REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 = 14001f44471a0359723fa74489c55595fe6b30ee0000	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\KnownFolderDerivedFolderType = "{885A186E-A440-4ADA-812B-DB871B942259}"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByDirection = "4294967295"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\FFlags = "1092616257"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Mode = "4"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:PID = "14"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\LogicalViewMode = "3"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202020202	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 00000000ffffffff	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\NodeSlot = "2"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 = 200000001a00eebbfe23000010009bee837d4422704eb1f55393042af1e400000000	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByDirection = "1"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\FFlags = "1"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0 = 8600310000000000305a6baf10004f434843494e7e3100006e0009000400efbe305a6baf305a6baf2e000000feaa020000001a0000000000000000000000000000002f9a74004f00430020006800630069006e00670065006e006900650072006900610020005000610067006f003100310036003200300032003400700064006600000018000000	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\MRUListEx = 00000000ffffffff	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\Shell	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a000000a000000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1092616257"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupView = "4294967295"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\MRUListEx = ffffffff	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\Mode = "1"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Downloads"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202020202	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\Shell\SniffedFolderType = "Generic"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByKey:PID = "0"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0000000001000000ffffffff	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\IconSize = "16"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:FMTID = "{B725F130-47EF-101A-A5F1-02608C9EEBAC}"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\IconSize = "48"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupView = "0"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\MRUListEx = ffffffff	chrome.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	chrome.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\OC hcingenieria Pago1162024pdf.zip:Zone.Identifier	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
6036	chrome.exe
6036	chrome.exe
3264	chrome.exe
3264	chrome.exe
3264	chrome.exe
3264	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
4588	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
6036	chrome.exe
6036	chrome.exe
6036	chrome.exe
6036	chrome.exe
6036	chrome.exe
6036	chrome.exe
6036	chrome.exe
6036	chrome.exe
6036	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	6036	chrome.exe
Token: SeCreatePagefilePrivilege	6036	chrome.exe
Token: SeShutdownPrivilege	6036	chrome.exe
Token: SeCreatePagefilePrivilege	6036	chrome.exe
Token: SeShutdownPrivilege	6036	chrome.exe
Token: SeCreatePagefilePrivilege	6036	chrome.exe
Token: SeShutdownPrivilege	6036	chrome.exe
Token: SeCreatePagefilePrivilege	6036	chrome.exe
Token: SeShutdownPrivilege	6036	chrome.exe
Token: SeCreatePagefilePrivilege	6036	chrome.exe
Token: SeShutdownPrivilege	6036	chrome.exe
Token: SeCreatePagefilePrivilege	6036	chrome.exe
Token: SeShutdownPrivilege	6036	chrome.exe
Token: SeCreatePagefilePrivilege	6036	chrome.exe
Token: SeShutdownPrivilege	6036	chrome.exe
Token: SeCreatePagefilePrivilege	6036	chrome.exe
Token: SeShutdownPrivilege	6036	chrome.exe
Token: SeCreatePagefilePrivilege	6036	chrome.exe
Token: SeShutdownPrivilege	6036	chrome.exe
Token: SeCreatePagefilePrivilege	6036	chrome.exe
Token: SeShutdownPrivilege	6036	chrome.exe
Token: SeCreatePagefilePrivilege	6036	chrome.exe
Token: SeShutdownPrivilege	6036	chrome.exe
Token: SeCreatePagefilePrivilege	6036	chrome.exe
Token: SeShutdownPrivilege	6036	chrome.exe
Token: SeCreatePagefilePrivilege	6036	chrome.exe
Token: SeShutdownPrivilege	6036	chrome.exe
Token: SeCreatePagefilePrivilege	6036	chrome.exe
Token: SeShutdownPrivilege	6036	chrome.exe
Token: SeCreatePagefilePrivilege	6036	chrome.exe
Token: SeShutdownPrivilege	6036	chrome.exe
Token: SeCreatePagefilePrivilege	6036	chrome.exe
Token: SeShutdownPrivilege	6036	chrome.exe
Token: SeCreatePagefilePrivilege	6036	chrome.exe
Token: SeShutdownPrivilege	6036	chrome.exe
Token: SeCreatePagefilePrivilege	6036	chrome.exe
Token: SeShutdownPrivilege	6036	chrome.exe
Token: SeCreatePagefilePrivilege	6036	chrome.exe
Token: SeShutdownPrivilege	6036	chrome.exe
Token: SeCreatePagefilePrivilege	6036	chrome.exe
Token: SeShutdownPrivilege	6036	chrome.exe
Token: SeCreatePagefilePrivilege	6036	chrome.exe
Token: SeShutdownPrivilege	6036	chrome.exe
Token: SeCreatePagefilePrivilege	6036	chrome.exe
Token: SeShutdownPrivilege	6036	chrome.exe
Token: SeCreatePagefilePrivilege	6036	chrome.exe
Token: SeShutdownPrivilege	6036	chrome.exe
Token: SeCreatePagefilePrivilege	6036	chrome.exe
Token: SeShutdownPrivilege	6036	chrome.exe
Token: SeCreatePagefilePrivilege	6036	chrome.exe
Token: SeShutdownPrivilege	6036	chrome.exe
Token: SeCreatePagefilePrivilege	6036	chrome.exe
Token: SeShutdownPrivilege	6036	chrome.exe
Token: SeCreatePagefilePrivilege	6036	chrome.exe
Token: SeShutdownPrivilege	6036	chrome.exe
Token: SeCreatePagefilePrivilege	6036	chrome.exe
Token: SeShutdownPrivilege	6036	chrome.exe
Token: SeCreatePagefilePrivilege	6036	chrome.exe
Token: SeShutdownPrivilege	6036	chrome.exe
Token: SeCreatePagefilePrivilege	6036	chrome.exe
Token: SeShutdownPrivilege	6036	chrome.exe
Token: SeCreatePagefilePrivilege	6036	chrome.exe
Token: SeShutdownPrivilege	6036	chrome.exe
Token: SeCreatePagefilePrivilege	6036	chrome.exe

Suspicious use of FindShellTrayWindow 33 IoCs

pid	Process
6036	chrome.exe
6036	chrome.exe
6036	chrome.exe
6036	chrome.exe
6036	chrome.exe
6036	chrome.exe
6036	chrome.exe
6036	chrome.exe
6036	chrome.exe
6036	chrome.exe
6036	chrome.exe
6036	chrome.exe
6036	chrome.exe
6036	chrome.exe
6036	chrome.exe
6036	chrome.exe
6036	chrome.exe
6036	chrome.exe
6036	chrome.exe
6036	chrome.exe
6036	chrome.exe
6036	chrome.exe
6036	chrome.exe
6036	chrome.exe
6036	chrome.exe
6036	chrome.exe
6036	chrome.exe
6036	chrome.exe
6036	chrome.exe
6036	chrome.exe
6036	chrome.exe
6036	chrome.exe
6036	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
6036	chrome.exe
6036	chrome.exe
6036	chrome.exe
6036	chrome.exe
6036	chrome.exe
6036	chrome.exe
6036	chrome.exe
6036	chrome.exe
6036	chrome.exe
6036	chrome.exe
6036	chrome.exe
6036	chrome.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
4588	chrome.exe
4588	chrome.exe
4588	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 6036 wrote to memory of 6092	6036	chrome.exe	77
PID 6036 wrote to memory of 6092	6036	chrome.exe	77
PID 6036 wrote to memory of 4828	6036	chrome.exe	78
PID 6036 wrote to memory of 4828	6036	chrome.exe	78
PID 6036 wrote to memory of 4828	6036	chrome.exe	78
PID 6036 wrote to memory of 4828	6036	chrome.exe	78
PID 6036 wrote to memory of 4828	6036	chrome.exe	78
PID 6036 wrote to memory of 4828	6036	chrome.exe	78
PID 6036 wrote to memory of 4828	6036	chrome.exe	78
PID 6036 wrote to memory of 4828	6036	chrome.exe	78
PID 6036 wrote to memory of 4828	6036	chrome.exe	78
PID 6036 wrote to memory of 4828	6036	chrome.exe	78
PID 6036 wrote to memory of 4828	6036	chrome.exe	78
PID 6036 wrote to memory of 4828	6036	chrome.exe	78
PID 6036 wrote to memory of 4828	6036	chrome.exe	78
PID 6036 wrote to memory of 4828	6036	chrome.exe	78
PID 6036 wrote to memory of 4828	6036	chrome.exe	78
PID 6036 wrote to memory of 4828	6036	chrome.exe	78
PID 6036 wrote to memory of 4828	6036	chrome.exe	78
PID 6036 wrote to memory of 4828	6036	chrome.exe	78
PID 6036 wrote to memory of 4828	6036	chrome.exe	78
PID 6036 wrote to memory of 4828	6036	chrome.exe	78
PID 6036 wrote to memory of 4828	6036	chrome.exe	78
PID 6036 wrote to memory of 4828	6036	chrome.exe	78
PID 6036 wrote to memory of 4828	6036	chrome.exe	78
PID 6036 wrote to memory of 4828	6036	chrome.exe	78
PID 6036 wrote to memory of 4828	6036	chrome.exe	78
PID 6036 wrote to memory of 4828	6036	chrome.exe	78
PID 6036 wrote to memory of 4828	6036	chrome.exe	78
PID 6036 wrote to memory of 4828	6036	chrome.exe	78
PID 6036 wrote to memory of 4828	6036	chrome.exe	78
PID 6036 wrote to memory of 4828	6036	chrome.exe	78
PID 6036 wrote to memory of 1972	6036	chrome.exe	79
PID 6036 wrote to memory of 1972	6036	chrome.exe	79
PID 6036 wrote to memory of 1460	6036	chrome.exe	80
PID 6036 wrote to memory of 1460	6036	chrome.exe	80
PID 6036 wrote to memory of 1460	6036	chrome.exe	80
PID 6036 wrote to memory of 1460	6036	chrome.exe	80
PID 6036 wrote to memory of 1460	6036	chrome.exe	80
PID 6036 wrote to memory of 1460	6036	chrome.exe	80
PID 6036 wrote to memory of 1460	6036	chrome.exe	80
PID 6036 wrote to memory of 1460	6036	chrome.exe	80
PID 6036 wrote to memory of 1460	6036	chrome.exe	80
PID 6036 wrote to memory of 1460	6036	chrome.exe	80
PID 6036 wrote to memory of 1460	6036	chrome.exe	80
PID 6036 wrote to memory of 1460	6036	chrome.exe	80
PID 6036 wrote to memory of 1460	6036	chrome.exe	80
PID 6036 wrote to memory of 1460	6036	chrome.exe	80
PID 6036 wrote to memory of 1460	6036	chrome.exe	80
PID 6036 wrote to memory of 1460	6036	chrome.exe	80
PID 6036 wrote to memory of 1460	6036	chrome.exe	80
PID 6036 wrote to memory of 1460	6036	chrome.exe	80
PID 6036 wrote to memory of 1460	6036	chrome.exe	80
PID 6036 wrote to memory of 1460	6036	chrome.exe	80
PID 6036 wrote to memory of 1460	6036	chrome.exe	80
PID 6036 wrote to memory of 1460	6036	chrome.exe	80
PID 6036 wrote to memory of 1460	6036	chrome.exe	80
PID 6036 wrote to memory of 1460	6036	chrome.exe	80
PID 6036 wrote to memory of 1460	6036	chrome.exe	80
PID 6036 wrote to memory of 1460	6036	chrome.exe	80
PID 6036 wrote to memory of 1460	6036	chrome.exe	80
PID 6036 wrote to memory of 1460	6036	chrome.exe	80
PID 6036 wrote to memory of 1460	6036	chrome.exe	80
PID 6036 wrote to memory of 1460	6036	chrome.exe	80

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://anonymfile.com/f/21e4a0ac-4c24-4ad5-aaba-bb5babdc9dd1
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:6036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff90062cc40,0x7ff90062cc4c,0x7ff90062cc58
  2⤵
  PID:6092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1816,i,4112728143124699026,11650860479571065610,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1812 /prefetch:2
  2⤵
  PID:4828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2060,i,4112728143124699026,11650860479571065610,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2108 /prefetch:3
  2⤵
  PID:1972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2148,i,4112728143124699026,11650860479571065610,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2380 /prefetch:8
  2⤵
  PID:1460
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3048,i,4112728143124699026,11650860479571065610,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3092 /prefetch:1
  2⤵
  PID:5700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3056,i,4112728143124699026,11650860479571065610,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3112 /prefetch:1
  2⤵
  PID:5560
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4692,i,4112728143124699026,11650860479571065610,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4704 /prefetch:8
  2⤵
  PID:2100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4592,i,4112728143124699026,11650860479571065610,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4864 /prefetch:8
  2⤵
  - NTFS ADS
  PID:5440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=5136,i,4112728143124699026,11650860479571065610,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4240 /prefetch:1
  2⤵
  PID:4472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=5324,i,4112728143124699026,11650860479571065610,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5368 /prefetch:1
  2⤵
  PID:2988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=5544,i,4112728143124699026,11650860479571065610,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5556 /prefetch:1
  2⤵
  PID:3604
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=3172,i,4112728143124699026,11650860479571065610,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5568 /prefetch:1
  2⤵
  PID:2480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=5524,i,4112728143124699026,11650860479571065610,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3184 /prefetch:1
  2⤵
  PID:6056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=212,i,4112728143124699026,11650860479571065610,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5328 /prefetch:1
  2⤵
  PID:5968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5288,i,4112728143124699026,11650860479571065610,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5608 /prefetch:1
  2⤵
  PID:6024
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3120,i,4112728143124699026,11650860479571065610,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5164 /prefetch:8
  2⤵
  PID:3332
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5432,i,4112728143124699026,11650860479571065610,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5456 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  PID:4588
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5164,i,4112728143124699026,11650860479571065610,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5680 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3264

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:5732

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:2236

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2468

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

Filesize
64KB

MD5
b5ad5caaaee00cb8cf445427975ae66c

SHA1
dcde6527290a326e048f9c3a85280d3fa71e1e22

SHA256
b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8

SHA512
92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

Filesize
1008B

MD5
d222b77a61527f2c177b0869e7babc24

SHA1
3f23acb984307a4aeba41ebbb70439c97ad1f268

SHA256
80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747

SHA512
d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\0f20f685-64fa-4415-86d5-b161effb063c.tmp

Filesize
10KB

MD5
f271109c5dcb1700c5e03479dfdf4c17

SHA1
4cf4661781b8ec1b17e06d7e8016e8d967658a12

SHA256
5ce77c3ee17f5134edf2a7e0f79dafc31390a73815ed5ffd38108742b7d15f89

SHA512
c66832bf5c3a44cb36af111fb14e58d6b3cd76303a97c7059d543fed5b1d4d2e4f8d6ff50b756bfbdffebf180119050cc69f3b6abff82c7ee2f19155c66547d3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
a92fb6e9b891ab38323d82553ef89d2e

SHA1
db349eec6055169b8aaa3f1256c08253e559bb08

SHA256
e53e4cd2eb35fa846383bf9c2b8626629e426fe793f7b9ff9a52655611c2e5d2

SHA512
a8fb7fa5b8711e9a0f621986f6cfdaab87888a45800f2e5c2f07d979e2daf9c522efb658bc3384757a81fc59a4db943956de2a4ac01017af6a759ba812a4706e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006

Filesize
215KB

MD5
d474ec7f8d58a66420b6daa0893a4874

SHA1
4314642571493ba983748556d0e76ec6704da211

SHA256
553a19b6f44f125d9594c02231e4217e9d74d92b7065dc996d92f1e53f6bcb69

SHA512
344062d1be40db095abb7392b047b16f33ea3043158690cf66a2fa554aa2db79c4aa68de1308f1eddf6b9140b9ac5de70aad960b4e8e8b91f105213c4aace348

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000019

Filesize
41KB

MD5
ca9e4686e278b752e1dec522d6830b1f

SHA1
1129a37b84ee4708492f51323c90804bb0dfed64

SHA256
b36086821f07e11041fc44b05d2cafe3fb756633e72b07da453c28bd4735ed26

SHA512
600e5d6e1df68423976b1dcfa99e56cb8b8f5cd008d52482fefb086546256a9822025d75f5b286996b19ee1c7cd254f476abf4de0cf8c6205d9f7d5e49b80671

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001a

Filesize
215KB

MD5
d79b35ccf8e6af6714eb612714349097

SHA1
eb3ccc9ed29830df42f3fd129951cb8b791aaf98

SHA256
c8459799169b81fdab64d028a9ebb058ea2d0ad5feb33a11f6a45a54a5ccc365

SHA512
f4be1c1e192a700139d7cff5059af81c0234ed5f032796036a1a4879b032ce4eedd16a121bbf776f17bc84a0012846f467ad48b46db4008841c25b779c7d8f5a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
ae2b087bf44c4d06799845684f45ac41

SHA1
2c0705dc96b3811ba1672efea3b6d8c1ee8f84be

SHA256
260071c2752244312f9e88e3a22100df1a689019803e4a3295341dbd3d7afd5a

SHA512
22d267ea670451d8ddb543c19976669fead3634b9c4b91500c2182088d1ec09495f90ac34901c341d856aac8811a25df7e5effdfafcfd2c3904b7bc9eb833269

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
93317d0cd73ef7ca5712145a9a5e27f6

SHA1
ad0765fed0390429b2d4a1f0d85a2b7b98fae8e9

SHA256
ef9ff48a97b261c20148d440600209ac0e3feee2b0d5d00cb7ff170efe2c1e62

SHA512
397d0784fca90b640643a8eeddfca0e971f41d9ae416a5b7e3eb431d59eed249f5850417d6bbe547e40e3d05a276e4819306a4a93afddd15ee966d520f23e3cb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
720B

MD5
b14134ff8e7e73a30d902ceb63d36652

SHA1
3737e7c025cd876a11ac8a87c8f83c1de7bdd768

SHA256
95f41e3b28e50be4cdf22ad90d77e9f916a1ac9629a995842bef4614802a71bb

SHA512
a3c519f3ec55f2c0e241933fa0c4d1b93d65e8abf78593150b81d6f3dbb303f0a535bb93e1a1b3d840a7f74f7e2fa76e2365b669d411720d767b20400b80541f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
c8a23d0e00cb2b24a18494d695fecbbd

SHA1
2de6dd239be3b43939116cb9b75eccd929fc8ea5

SHA256
ef84b52be5175b16c9ff4ea378a3436815502c3ab47c9fee5ef0a8c03ad9c5ca

SHA512
67d2f274cc22d73932238566d34ed5680743ad217c228deabc127ce04aa5637034d4a2fc39cbfc42ad4318b6c641ceca59b629cebd1ffa438dd4a960a11c5bfb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
22b3b842482217c4b1bc4d970631d9b3

SHA1
56f080b9d2938dc59200ee6c8a35be18dac8146e

SHA256
2306d0f17ae91f67b579854551f7265a2315e07e5f9d29910fceb29ea9ccb7d2

SHA512
7183ac639d6844c69689db179363a32efbc89837ea1e35ff6b0cf4e67c6eccc6ccebf051b34559076193b1d34cb53d45b4a7f6428f200a173f1b6f1a8e01c391

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
7KB

MD5
06b948c5535774aa112647d25c4dd91e

SHA1
f9c584c59db4d593b840a2c845ef4905fbb1f4f6

SHA256
50d81f2c3dbc56bd69b418bffea94ba9808afdb3b03bba297ba03e15d0a47f4d

SHA512
53b12a35dfbfc96050179c08ac198c8e9e4ff551145e834c7411eeb29cd124e7b9a7794553cb21c68b37ab1b8077d4bc5ef2d80736d3afe875d6f9b959d85a1e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
6904366ca6046c6dc5112343f45798f6

SHA1
6c1142d6fe31359245dfa8599962a2cb3d3d5fb9

SHA256
4c46688da6ba6d43eb0b6da647780aa6148e0ac8d31c1cb93be80144f62392b9

SHA512
ef0d9f6c909240cedfec5b8e665fd9d273c5d308c13897dc821c2afc6e7c73e14d2b1a4005b4a962cdc5f8c50abf8574ccef406b860e20afa24fd0f390702f39

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
354B

MD5
aeeb776ad0b89efac4e222e0ef30bdbd

SHA1
1ab27c5b3179871daaedb97faa1dad34d0401871

SHA256
b6a648f8fbbd1d73407dd4b04b5af5787bbc408dd5b4ef6e645408eaec5aa54d

SHA512
e5668b057037f8776a4d0ed3842a0f8fa27e851ea711e1be84c4bfe61df5e18ddac1328d9115c428f63c6a536bc6079c0418ce93d51808954e8aebcb6c4382c6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
850B

MD5
f286386f378a9439b9f67e2c2efe2848

SHA1
6f7aee4c0d3c4930f65b3177a5e8f8e969b9fbd1

SHA256
d71aa9d7561b35ad553805be076ca6156341927af2031a4db6df3d3b8bbe2c24

SHA512
4b3d939f53b46b3798c8010a5ce8ae93a49496d43c7ae4eb272bc093013d1febeaf37ca812bb5938ba0219ab5138358e6de59c0bbad289041f666104a622a6c2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\c6a93d07-e161-4177-bc72-99ac90d53b58.tmp

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
c4eb80435538292ed1eb4396d8ffc124

SHA1
a627a8b5538a551c281ec5696e0c7e6bde01ac46

SHA256
cfdfff4ffe4cb759b4d17301e1554df6bde0b7e37aeb0a34680ae267c95c2cc4

SHA512
68324e3bfca63c3662f54d4748fa5df9a9df38868705493c44e55382322d5e740dc362ecb88cbe82bf8e417853257cf2d7c6eac95b706a7704187042843f0230

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
67bbeebef513bee8f31a5608cae6026f

SHA1
955fd3bbee60c947860fe53001c502390f6eac43

SHA256
999dfc8c15aa869cf53b71e28667da8bd745206590e0b0df57e0af3f5372c724

SHA512
a99529f0a1ecb1dc7054e2dfe3cb8afb90654a0fbb34e06de17529866bd08af091864126c2861aacef7b4747936de93feb46d7b9c644ec275a12e9d7b7259924

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
bd8ca9fbefc7556e24037a64304f1231

SHA1
f66e3051aee187a438b222b364ffc3bab04924c5

SHA256
c03475f2482236b114a4a887c49f016717e751a64953100ebc79b99a09787afd

SHA512
3bff24100532aa87bd34b348e72149431f914de73b21bc8528f73a5a88fead07184156fb26083fb36508da30f8ce77b6945581cdbadf27f3f1d4c1fc690939a5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
6f74f3effead08e3ab543dcbf92cee42

SHA1
aa080e4a105bb57b49157a3a87764d5072343d66

SHA256
ad8e2c06cfdf627e073767aa31325df7a49cbc44d3210a49210d1ecda2802bbc

SHA512
1c53e94fbd772d36e12c145e2040fe0cb6042797113a069a53382ae7e7a689ed7a2516555b286d351775e3406dfc271c76f91f6a97fe12bd34917de5ede2c244

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
11f835f863397696ec952f2f0696c0ef

SHA1
a0f20bcae8ff7ad2c82b28ae255a657c23fd0ea5

SHA256
c97c45db3ef1c57fbda21a418f7a4ec4b1d8e7ac6926d0fb85309a5a51e48193

SHA512
61aa17369084e877d1e7a58b89ddc1ec146a060836e33a8c52fadbcf0a78982f365f069f5d3e37106132cfc44de13b626b1fe1b1b1a1d7299ad713102e87c2b2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
c6b74841127eaf7b523997425bc578c2

SHA1
76a953af33923a9ddcebb0694a8d8c6b314ab51f

SHA256
51abcbd187fb1cb19938a0092a671f2173d7674ad67ee9e4a074fbd604d9a9a8

SHA512
8739780c4e88473769376c1c474492ac5fecfa42ba08462ec862821d73a4d21c7db07fbeda7a80fcce43231e05e06a20e420b35de74d91fb97565c8d4ae07f18

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
db223a47721536da935c5096a026e0c5

SHA1
396cbc692b6f1c758749c069cedf0c877ebf6c69

SHA256
723bfd7afe8311f0826f8c7003f612a886e17b8b6945c2e74c8dc9f767c2d028

SHA512
2f18552d7c17e7adb344bea54e9d694facb18be8f00bb1b781ee1d18f2aebaf4df84b13b49ab8a806659aa692a690fecb327cd053b197bafd97a860f1c25dd05

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
240a61752bbdfd0af69b4c12f578455d

SHA1
14d2ae5646ae7b6cfcf1b2d0cd0ccc4601ec7027

SHA256
f9af560d37d871cb797490a2635072fff80bb0e0bace575438499240179e08cc

SHA512
1108978a5ba9eef81ee324bca3c29a9608fa6c3cb00cb54f7d7aa85182ac41c6720d6104433e837f21330debc0294c066b3e646cfc0d4cb589777c20d125ec67

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
957d5d309f59585b0ecef9c3be5ab945

SHA1
449c432534b62c3bb67cbd88ac116d602a72a088

SHA256
7f7865f70e942f1864dd785f9b4ea61e755a62a082d5678cb70807b2d48763d6

SHA512
fd905f47f6fac03438bad33b1594b6ba50c66dda1def047a4ab54270b8021064550a0427271d2658451fa4829287a5ce6a341f4f4821a690101ebe0e0b746873

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
b663af595e01ec0f73e902d208e9e1a8

SHA1
640b2e0193f200b133d80bb192dadb5e07f40172

SHA256
fe51a4edf3a5e16f517d57340c99f7b084b5541d4762da5fd7ac25e283b29aba

SHA512
b0f15d28f57a6c829cc3903204cb1763e4e9a5048f72eaff10eccaadf318c5d53e69cced35413d3e28e95120a272e34bde666cb9a30384c42fca7c67be5442dc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
0cb946a52d8da3d195b37c3678886d7c

SHA1
f2a91ea9f23e25298a6eac31771ba0460fb2cc21

SHA256
7c69de3a3c2c1fe611c0736baf77eb46efbb630980635019683d6af3faff1abc

SHA512
f72fe8b228f9fcbf80aea8db8267c26b2a630b2d2528114baf6bee6c9ccda2bc8f17958a9493ba35c1bef6f1b330292820a1bff5718bdbcba49ae5d971fa63bb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
6de80aa83ebd44bab6352b447323efa8

SHA1
c9ac08b543c77b210417fd24267586af59f952f5

SHA256
02b1853d69737f9fbfb168df4878cabcc486be69b58af1fdfd6afcd0e56e3460

SHA512
86a0a3b1d352121cbeb60dbff159ade4dd9b1278410092ccf666c368a63bffd88d907260515c63db652fbd68cf9ba9c3172f8543c26a5c3fa4ebb91d4344ed07

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
b01d45345f06b04d2b9e84ca2075b97a

SHA1
f34c5b53f3008e47c79a07c8fcee870785a6f947

SHA256
e309cf94613c878faa0b7da45972116834e425c30ccc0c805c4c726f40f55d05

SHA512
e65f263731102f7b60a005980fbf413a7aaeb7bd7807c15a20803dc91f759c9d1ff1413ef1ac7a2858795f6a5f5cb69627f5586c960730a3bf5deffa50ca9f27

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c1b7c1a42e8dd8c8f902dc61a2dd2e4f

SHA1
32d503c835fd5c3b27a1d1c04562f05c3a9ac272

SHA256
a5dfe04002238654ecc7a65e3b634a372ca6558a3a12b409efaac25814f20396

SHA512
8f1ce4bf7d04ff71b2bad9e400d3d5b21163dc67848a84cb6ab6fb1733be13e46583037c33687f9bf165edcb2370eb0775eb69f7c6f66ef0ec406cfd3dfabdfa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e9b7233bd47b2833d964f6df8c357af8

SHA1
ebfb846cc1068d7501a7c27ec9b8e4063dae5100

SHA256
0f538f82e83e66bb62cf259747d5b61aeb165094c9c4dd729a1628a5480f925b

SHA512
5acc8dc6990e70ac50af6c436c3493fab129807b388b7d9f59cf7f86a6e2228beb9ce5afa126917b106579e7bd7f00c6f0ac0445b92fd26879f2d3c2bb32c66d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
8213c6d60909567ed7347c5828bc5505

SHA1
8da28e2233098834f7166fd838ffaf407e62c86c

SHA256
dc4837f75fa56134783616b6e1ba4d3bce0bea33272a3d877a554e54c1681631

SHA512
8ca7640ab3216cb660643652541b6bb2fe40e5d763a9af4a9b7d23bf8e22abc4e830db3d91c79bbf663e1e9da6a346227a4b9523ae2c9eaa04ade9944fd0d113

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
7249ee097e618dcd14f97fb29979874c

SHA1
be0ff6d55b8207fac081d7a3cb1cd813460dabd6

SHA256
4318f3c339d04f57b27cd59135d99eee055213cd2a69b2bbddab46e6c404bab1

SHA512
51ecd5c97c9bda8bccc12c417cf72425345351b8856ed7c5704d29d4381fd9049b88dc9fba5b17d0d645b9ad896233422b33669016a4372ce8b4f1eb395b93f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
5c729b654776ccd598dedb35fb2c22fd

SHA1
44ee149206781c05e62b2c468a7cf254fb995391

SHA256
2448c7c4d3b02a77ac0bf333e68c569b55cbcb87741c61a190e62bab222d59b0

SHA512
42f792e13e94c47e066238b06df4e52b8fd03e7d5cd8d479dfbc8e1ef3bf20e4f7d683beabb207019019d0c35233994ce877f27c47d6da2d95cbd1a972b99f33

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c2c8c0b94fc0f08c53b76596c217a35e

SHA1
3f0f7f72187d211ebda195b401515c405eba8470

SHA256
250199687956b17e925adae867d7443adfd3e9b497d1e3a52abb94754d8710ad

SHA512
2c76dd7e02508deebcd509a866fd8f4c2a8273b7d1d1f24ff6d8bf755b7dcb5813f78ad8e942b743b266509c8cb870e53be8324e8572dfc43547b28d3f23bb35

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
0e4fcb98449685bd9b6881ac6895ab46

SHA1
5f3fb54f72bcf52ade09595f60e0b2441c5c1386

SHA256
57ab27d384dbc36b5dfb250b9b0c94f99f8972094bc5ab2f71a6b0135e7f8c28

SHA512
834b3155270a9249b213099105ec035def9d8f2267d1a090ef72b98cca4c2c07fed0402ddc87622a2495ef2ff368efb2707577de1b2db1c6159f35039547b38d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
228KB

MD5
4c2ad360ca3c0e1f80994568e84314b5

SHA1
4be934db97083ff2036e4316f177f574ca82879d

SHA256
bbc31046ced75cce3f5a384571e1782a849dae9a474ad597c959374c0784ae32

SHA512
dd46babbf1548e5b32271bf902aabeec8f1538a0401a468bb3541c25a3fecc0080899afac3e74786a38e46fa1ce29d5a724a70d4b5e9d5a6a88cc73f6f6133cc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
228KB

MD5
72c0b223c2490f11ffff7233ac189414

SHA1
a18fad0db34794455112a5168ad2d5f73879bc4b

SHA256
a1795a421088d535fb4cfe01cbe63103af7e4aeb37537424338bb158304a661d

SHA512
21df275ab2c55f6eba9f2903fe99bb7fb1635eff8915ae5692a6c23a95ef8bca1fb2cabe25d9580762bc301952afa8c445e7e4ce33eceeb937fe6cd95fef04e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\d2dabcd0-2dad-41e4-ad18-34b8add08429.tmp

Filesize
228KB

MD5
6be8035ae86d445b2e16f6d12889a0a1

SHA1
780368ee7116997626fc3a9379b5eef8d94d72df

SHA256
b29878803cc5bf2a7aaa677c2b68bedecfb6d531998cd75da71b10de22de2395

SHA512
4e9f8cff4e085ffb5ba2cdced78ba5e44d980a79b47a29f1e6adee0da1c2d2687e2f62b3ebc6c06ccd937e5478bce791be8a072b9d9ab71e2c6e24c28e60ebae

Download Submit
C:\Users\Admin\Downloads\OC hcingenieria Pago1162024pdf.zip.crdownload

Filesize
629KB

MD5
d3f6f370abbf411c695a59776e1829b8

SHA1
dc2bacf1f48dc7810f493c9d2e7f6ca5b82a4e1c

SHA256
f8215c6a394bd1a540fe6aae3371d39a982a1691e821d0a64e67fa36929fe1d3

SHA512
1547e2d87dd16433484df2bb34f6fef3d9b36e7f6218c5be9569a2d1943600474c7f128d1a9ee404aed7649ec55ca28b0965414675adbf1667d1db7bf6737c59

Download Submit
C:\Users\Admin\Downloads\OC hcingenieria Pago1162024pdf.zip:Zone.Identifier

Filesize
471B

MD5
f7c30c89801b7fc4098741ff7e8c9b6a

SHA1
d38fe6b8aaf3880af4ad7d5ac793fce13514332f

SHA256
62ac527e57458e5b218ab43852b3acf48e720f63414a615af8ba79c385cc787f

SHA512
7b81a6eec290d07dbdb78b9b87890d338d7c188901359af2333290ca2196a39dba14e2075ed00c3a6457d3ccd021569c9c320f524ccdf80d4b226e1f29f9c3c3

Download Submit