b0d487ca4a08a06d53d060d75c18dba5ccb36bbff83bdfbc3ac240cc94ea3be0

Resubmissions

04/09/2024, 17:24

240904-vy38gsvgpg 3

04/09/2024, 17:20

240904-vwvtbstfrm 5

04/09/2024, 17:17

240904-vt6g2stfpq 3

Analysis

max time kernel
149s
max time network
151s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
04/09/2024, 17:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Breeze.exe
Size

13.0MB
MD5

ce475b31aff6ad6e7aaef78e0ae136e0
SHA1

f3a76df072903647428b48289434ff3e149a45e3
SHA256

b0d487ca4a08a06d53d060d75c18dba5ccb36bbff83bdfbc3ac240cc94ea3be0
SHA512

6fd93541a193cd1c02755cc1b389043c986951c63d0c49a60df62afe3335a2a49eccc8f6b52e9fb449e2322029e4e7aca140370ab383938c1633c0245c6203df
SSDEEP

98304:DYO6sMHbsx/8JMd1/RTjno+adQ6Z5EgveHluvNoT4S9tomfTYFNUWhb:DYOZ9xFdPQrdQ8rvsluv67amrYn/hb

Score

5^/10

discovery

Malware Config

Signatures

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_01cf530faf2f1752\display.PNF	chrome.exe
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_01cf530faf2f1752\display.PNF	chrome.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133699440893770393"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\MuiCache	MiniSearchHost.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
4608	chrome.exe
4608	chrome.exe
4268	chrome.exe
4268	chrome.exe
4268	chrome.exe
4268	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
4608	chrome.exe
4608	chrome.exe
4608	chrome.exe
4608	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	4056	Breeze.exe
Token: SeShutdownPrivilege	4608	chrome.exe
Token: SeCreatePagefilePrivilege	4608	chrome.exe
Token: SeShutdownPrivilege	4608	chrome.exe
Token: SeCreatePagefilePrivilege	4608	chrome.exe
Token: SeShutdownPrivilege	4608	chrome.exe
Token: SeCreatePagefilePrivilege	4608	chrome.exe
Token: SeShutdownPrivilege	4608	chrome.exe
Token: SeCreatePagefilePrivilege	4608	chrome.exe
Token: SeShutdownPrivilege	4608	chrome.exe
Token: SeCreatePagefilePrivilege	4608	chrome.exe
Token: SeShutdownPrivilege	4608	chrome.exe
Token: SeCreatePagefilePrivilege	4608	chrome.exe
Token: SeShutdownPrivilege	4608	chrome.exe
Token: SeCreatePagefilePrivilege	4608	chrome.exe
Token: SeShutdownPrivilege	4608	chrome.exe
Token: SeCreatePagefilePrivilege	4608	chrome.exe
Token: SeShutdownPrivilege	4608	chrome.exe
Token: SeCreatePagefilePrivilege	4608	chrome.exe
Token: SeShutdownPrivilege	4608	chrome.exe
Token: SeCreatePagefilePrivilege	4608	chrome.exe
Token: SeShutdownPrivilege	4608	chrome.exe
Token: SeCreatePagefilePrivilege	4608	chrome.exe
Token: SeShutdownPrivilege	4608	chrome.exe
Token: SeCreatePagefilePrivilege	4608	chrome.exe
Token: SeShutdownPrivilege	4608	chrome.exe
Token: SeCreatePagefilePrivilege	4608	chrome.exe
Token: SeShutdownPrivilege	4608	chrome.exe
Token: SeCreatePagefilePrivilege	4608	chrome.exe
Token: SeShutdownPrivilege	4608	chrome.exe
Token: SeCreatePagefilePrivilege	4608	chrome.exe
Token: SeShutdownPrivilege	4608	chrome.exe
Token: SeCreatePagefilePrivilege	4608	chrome.exe
Token: SeShutdownPrivilege	4608	chrome.exe
Token: SeCreatePagefilePrivilege	4608	chrome.exe
Token: SeShutdownPrivilege	4608	chrome.exe
Token: SeCreatePagefilePrivilege	4608	chrome.exe
Token: SeShutdownPrivilege	4608	chrome.exe
Token: SeCreatePagefilePrivilege	4608	chrome.exe
Token: SeShutdownPrivilege	4608	chrome.exe
Token: SeCreatePagefilePrivilege	4608	chrome.exe
Token: SeShutdownPrivilege	4608	chrome.exe
Token: SeCreatePagefilePrivilege	4608	chrome.exe
Token: SeShutdownPrivilege	4608	chrome.exe
Token: SeCreatePagefilePrivilege	4608	chrome.exe
Token: SeShutdownPrivilege	4608	chrome.exe
Token: SeCreatePagefilePrivilege	4608	chrome.exe
Token: SeShutdownPrivilege	4608	chrome.exe
Token: SeCreatePagefilePrivilege	4608	chrome.exe
Token: SeShutdownPrivilege	4608	chrome.exe
Token: SeCreatePagefilePrivilege	4608	chrome.exe
Token: SeShutdownPrivilege	4608	chrome.exe
Token: SeCreatePagefilePrivilege	4608	chrome.exe
Token: SeShutdownPrivilege	4608	chrome.exe
Token: SeCreatePagefilePrivilege	4608	chrome.exe
Token: SeShutdownPrivilege	4608	chrome.exe
Token: SeCreatePagefilePrivilege	4608	chrome.exe
Token: SeShutdownPrivilege	4608	chrome.exe
Token: SeCreatePagefilePrivilege	4608	chrome.exe
Token: SeShutdownPrivilege	4608	chrome.exe
Token: SeCreatePagefilePrivilege	4608	chrome.exe
Token: SeShutdownPrivilege	4608	chrome.exe
Token: SeCreatePagefilePrivilege	4608	chrome.exe
Token: SeShutdownPrivilege	4608	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4608	chrome.exe
4608	chrome.exe
4608	chrome.exe
4608	chrome.exe
4608	chrome.exe
4608	chrome.exe
4608	chrome.exe
4608	chrome.exe
4608	chrome.exe
4608	chrome.exe
4608	chrome.exe
4608	chrome.exe
4608	chrome.exe
4608	chrome.exe
4608	chrome.exe
4608	chrome.exe
4608	chrome.exe
4608	chrome.exe
4608	chrome.exe
4608	chrome.exe
4608	chrome.exe
4608	chrome.exe
4608	chrome.exe
4608	chrome.exe
4608	chrome.exe
4608	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
4608	chrome.exe
4608	chrome.exe
4608	chrome.exe
4608	chrome.exe
4608	chrome.exe
4608	chrome.exe
4608	chrome.exe
4608	chrome.exe
4608	chrome.exe
4608	chrome.exe
4608	chrome.exe
4608	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4452	MiniSearchHost.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4608 wrote to memory of 2448	4608	chrome.exe	87
PID 4608 wrote to memory of 2448	4608	chrome.exe	87
PID 4608 wrote to memory of 4688	4608	chrome.exe	88
PID 4608 wrote to memory of 4688	4608	chrome.exe	88
PID 4608 wrote to memory of 4688	4608	chrome.exe	88
PID 4608 wrote to memory of 4688	4608	chrome.exe	88
PID 4608 wrote to memory of 4688	4608	chrome.exe	88
PID 4608 wrote to memory of 4688	4608	chrome.exe	88
PID 4608 wrote to memory of 4688	4608	chrome.exe	88
PID 4608 wrote to memory of 4688	4608	chrome.exe	88
PID 4608 wrote to memory of 4688	4608	chrome.exe	88
PID 4608 wrote to memory of 4688	4608	chrome.exe	88
PID 4608 wrote to memory of 4688	4608	chrome.exe	88
PID 4608 wrote to memory of 4688	4608	chrome.exe	88
PID 4608 wrote to memory of 4688	4608	chrome.exe	88
PID 4608 wrote to memory of 4688	4608	chrome.exe	88
PID 4608 wrote to memory of 4688	4608	chrome.exe	88
PID 4608 wrote to memory of 4688	4608	chrome.exe	88
PID 4608 wrote to memory of 4688	4608	chrome.exe	88
PID 4608 wrote to memory of 4688	4608	chrome.exe	88
PID 4608 wrote to memory of 4688	4608	chrome.exe	88
PID 4608 wrote to memory of 4688	4608	chrome.exe	88
PID 4608 wrote to memory of 4688	4608	chrome.exe	88
PID 4608 wrote to memory of 4688	4608	chrome.exe	88
PID 4608 wrote to memory of 4688	4608	chrome.exe	88
PID 4608 wrote to memory of 4688	4608	chrome.exe	88
PID 4608 wrote to memory of 4688	4608	chrome.exe	88
PID 4608 wrote to memory of 4688	4608	chrome.exe	88
PID 4608 wrote to memory of 4688	4608	chrome.exe	88
PID 4608 wrote to memory of 4688	4608	chrome.exe	88
PID 4608 wrote to memory of 4688	4608	chrome.exe	88
PID 4608 wrote to memory of 4688	4608	chrome.exe	88
PID 4608 wrote to memory of 3036	4608	chrome.exe	89
PID 4608 wrote to memory of 3036	4608	chrome.exe	89
PID 4608 wrote to memory of 4240	4608	chrome.exe	90
PID 4608 wrote to memory of 4240	4608	chrome.exe	90
PID 4608 wrote to memory of 4240	4608	chrome.exe	90
PID 4608 wrote to memory of 4240	4608	chrome.exe	90
PID 4608 wrote to memory of 4240	4608	chrome.exe	90
PID 4608 wrote to memory of 4240	4608	chrome.exe	90
PID 4608 wrote to memory of 4240	4608	chrome.exe	90
PID 4608 wrote to memory of 4240	4608	chrome.exe	90
PID 4608 wrote to memory of 4240	4608	chrome.exe	90
PID 4608 wrote to memory of 4240	4608	chrome.exe	90
PID 4608 wrote to memory of 4240	4608	chrome.exe	90
PID 4608 wrote to memory of 4240	4608	chrome.exe	90
PID 4608 wrote to memory of 4240	4608	chrome.exe	90
PID 4608 wrote to memory of 4240	4608	chrome.exe	90
PID 4608 wrote to memory of 4240	4608	chrome.exe	90
PID 4608 wrote to memory of 4240	4608	chrome.exe	90
PID 4608 wrote to memory of 4240	4608	chrome.exe	90
PID 4608 wrote to memory of 4240	4608	chrome.exe	90
PID 4608 wrote to memory of 4240	4608	chrome.exe	90
PID 4608 wrote to memory of 4240	4608	chrome.exe	90
PID 4608 wrote to memory of 4240	4608	chrome.exe	90
PID 4608 wrote to memory of 4240	4608	chrome.exe	90
PID 4608 wrote to memory of 4240	4608	chrome.exe	90
PID 4608 wrote to memory of 4240	4608	chrome.exe	90
PID 4608 wrote to memory of 4240	4608	chrome.exe	90
PID 4608 wrote to memory of 4240	4608	chrome.exe	90
PID 4608 wrote to memory of 4240	4608	chrome.exe	90
PID 4608 wrote to memory of 4240	4608	chrome.exe	90
PID 4608 wrote to memory of 4240	4608	chrome.exe	90
PID 4608 wrote to memory of 4240	4608	chrome.exe	90

C:\Users\Admin\AppData\Local\Temp\Breeze.exe
"C:\Users\Admin\AppData\Local\Temp\Breeze.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4056

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4452

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffc9e5cc40,0x7fffc9e5cc4c,0x7fffc9e5cc58
  2⤵
  PID:2448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1644,i,1481313718276627970,7641324756254874683,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=1640 /prefetch:2
  2⤵
  PID:4688
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2036,i,1481313718276627970,7641324756254874683,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=2112 /prefetch:3
  2⤵
  PID:3036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2180,i,1481313718276627970,7641324756254874683,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=2192 /prefetch:8
  2⤵
  PID:4240
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3080,i,1481313718276627970,7641324756254874683,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3092 /prefetch:1
  2⤵
  PID:3108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3100,i,1481313718276627970,7641324756254874683,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3140 /prefetch:1
  2⤵
  PID:1608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4428,i,1481313718276627970,7641324756254874683,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4440 /prefetch:1
  2⤵
  PID:4080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4732,i,1481313718276627970,7641324756254874683,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4776 /prefetch:8
  2⤵
  PID:656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4796,i,1481313718276627970,7641324756254874683,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4784 /prefetch:8
  2⤵
  PID:2096
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=5100,i,1481313718276627970,7641324756254874683,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5060 /prefetch:1
  2⤵
  PID:1048
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5088,i,1481313718276627970,7641324756254874683,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4984 /prefetch:8
  2⤵
  - Drops file in System32 directory
  - Suspicious behavior: EnumeratesProcesses
  PID:4268

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:3364

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4412

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

Filesize
64KB

MD5
b5ad5caaaee00cb8cf445427975ae66c

SHA1
dcde6527290a326e048f9c3a85280d3fa71e1e22

SHA256
b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8

SHA512
92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

Filesize
1008B

MD5
d222b77a61527f2c177b0869e7babc24

SHA1
3f23acb984307a4aeba41ebbb70439c97ad1f268

SHA256
80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747

SHA512
d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\8814a2a0-162d-4ed1-af21-f717f909b70f.tmp

Filesize
205KB

MD5
ec4a06b7272cf979ad6ed04826218e83

SHA1
2f3e3e378e89360f84df973f2f5380ff02284108

SHA256
186cddd2a064fe2063ad12786b2aef3f28ab62bbdb3eb4cb96b04701155f7cd9

SHA512
381daf4eeed24cb77148763412e434ebc7df753f6bae576b5b291c974399104496e2326f218dafeb066f91a9afdf4867eefdb870d912e9650b4552a4c1dd539a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\89336475-c5c7-4a06-aa9d-9ca41ca8261d.tmp

Filesize
9KB

MD5
233374cc9f4ba81d14eb018f7c235da9

SHA1
54f6896e16dbf685317487f6122960fe392239a8

SHA256
5b51ca90c6c9ba17bed2ea1b1f4b539f75223dac87872661238ddc8ba7a6cde0

SHA512
6ec539bda11a040db74dde8815f04e4c48df15dc9d9bc5ab74cfa500ab47554f6c39c303fa6e1496a8e8435f8da9e5393d65a1da593f930a45ae9af6a1e9b259

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
d260ad145d1f611653f4b5a7bb388f17

SHA1
8dcc06fbebd9bd42aac6ddb0e56f0bcdffeb8ac6

SHA256
887f4bcce1665edd4d51ab60a2b064b125ae6bd8276af12ce32bcae1b634d205

SHA512
88aa136dee03943af66bdc027fe09cc5b616d4e71eedbdb6d8ead1581a7618c6cf8fcfe512f0cceceb516c052fb92ea4fa1719649efec1861859003f9eb8480f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
211KB

MD5
e7226392c938e4e604d2175eb9f43ca1

SHA1
2098293f39aa0bcdd62e718f9212d9062fa283ab

SHA256
d46ec08b6c29c4ca56cecbf73149cc66ebd902197590fe28cd65dad52a08c4e1

SHA512
63a4b99101c790d40a813db9e0d5fde21a64ccaf60a6009ead027920dbbdb52cc262af829e5c4140f3702a559c7ac46efa89622d76d45b4b49a9ce01625ef145

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\194a0ba25f28e77d_0

Filesize
280B

MD5
749174cac6f0043c06e021718fdc3601

SHA1
5847f2e227ea0214d8046a2cde4fbb2b3a253cb1

SHA256
2c70a62af1d2f4e9fd65571524c02261e981577b525218df068bba68d6404829

SHA512
eebeb0fabe34d497c3a348e4e828c0ca1c1655d0ee4a48adc1959bb139ce19dbbef9603f9c2cb1a867b63b404f4aa142f5224a772ac29fae4da1cbb224cbf120

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\7cdf45c08cf9b58d_0

Filesize
19KB

MD5
47a0358c8e5371d5146b850bb924f73c

SHA1
ce98ad0b64da6f8196e2cab5c36b74cb5591f2e3

SHA256
3b49f130b797608e41f840867c0b8f7e60b522b2d306b1717b22aefad51567b3

SHA512
75d08cf435da042e6bb9cb7f7929adc820e06dd5ec51adf806693707ae22258b90f21933b8177cfb80c69e930845bd239519a05d210a8fa25435165fbf5410bc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
3f38fa2216e48dd17cb90b830667277d

SHA1
754d27d7b1c9ff78434912287fda5c2a554bcda8

SHA256
dcadcddc7e3632aade073e409134d88ee97acf178ae5215644bd21e9fbd388cf

SHA512
db4d258c876173bb9cb446835a8b378c9de65cf32ac282ef2acbb81ea13931b4a61e91968cc71e4e2cdabda3342a4492cab84bffcd54aa03e5ce46b8013b8b85

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
39764ba6de27ed7a525e4cb06e0e41de

SHA1
97f64fa6d44719dda5c76fd00f653118561bde3a

SHA256
c40d0e15043e6bb79c0d4521b97ce22f5a09c52b4e70a1ceb4bb6c8f124662e9

SHA512
8671004b348e3d1a87b21cf22cf3688488cebbea52d0a30c202bc6da9abf716d82bab2872b20e3414a667bbc5f9496e200200c57c742d8f28de0fac22cf7081c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
4aac2c69e142507d6bdcad529ae9207d

SHA1
3c5d20cad073a7667448925fdd285b47189f2e25

SHA256
222f2a4c5753bf3b30cf3db595f2a0931595c61a18a239fac0c52b6df36cb2fe

SHA512
3bc8d414361815affacf770ce93ff177f5eab76233367d2dbb80b899f758865227db3b339f96f75c624182bc479f1eadb90e64116d1e1932061bbcda28b2a945

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
96b9ae718e87628cc1c4019a173f2327

SHA1
a7fbeca9bd3bdda54b25b390059da6c95b73b2ff

SHA256
d2cbce9a96aa80b7361d4fffecd0ba83286ae11f37f5e5c768864563e601c14c

SHA512
7f5ffc6d8c5a52fcc552f3b62f5468f1baee54cb7a36ef8d3fc2e4e054f03265e0c18b27f81dc559f33af77039a265b88e823cd26f40e27da49139ff8e8e8b7b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
1e3c843f68e54db6fb7075047fa2c260

SHA1
7132cf4f6e50344edfca955827fac6a83b375514

SHA256
70d528dff6d86a0f7a2738c57026a737899e60606bc62367db2e468a62cc0755

SHA512
be74c47b0e079b03ce6ec866be549b3be00738f9d918b71e5b59d5ce078d7292ff18b21626c4a0fe430aa0ab1380c207c70a39d930c8630f51231d61e73ce938

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
1c369658c652e9aeaa439ec91e1f2a85

SHA1
150c6314c12d78e21d712ac42decfe7a0d68bd7d

SHA256
15188f613fdf7983bcab0cce92659f49475dfb6b719ee39bde4e70bd4512cc3c

SHA512
2b95f4ff2005138d8b1c964d253333bd1f6a369b127eae2127e5831f4db4406a75a9390245f41d6eb9bcdd4cc06fd0638c4b207f4f14edfd69d2e960689a3903

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
2dbcd654eb94ca911507e87b8197a862

SHA1
c2d3d9199977bda68a5b04f0cca75d314d96f10d

SHA256
373f73a847681f6840a7e2c32a8556dc51497931cf6e5e44c0842efc9f04ec0e

SHA512
788158a70ed462621eed3ce16949534d1cd5d41df6a2b7e369b9fd752d20a19af776413616f2790dcbaa1c91d8ab63bbf59ab708741984505fdc32644029861d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e48878bfb7f28166da052933d0580f98

SHA1
6c90dc8c6f1613b78d1fb1f9d8cf084e96ee2949

SHA256
71eb40f20e840c15d2a2e67c8fd7797560e759b70a5b04e09b6878bd3d788261

SHA512
847d546ecca6054833b032a2becb9e1778b43aadeb8b2890dc5a24f3ef56f0e260c81e860c18c45e5366508541a9cc44486187e9b087e37b9d1a1c967b506816

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
779bdc69ceef706ba67052e149252a93

SHA1
05a97a48cc56e555946a5ec2cf965ab05196b020

SHA256
cdb0aef86f5ce10ec818670a8155ca18ab4611a512f4c7beea79e28ab461e357

SHA512
343ad5b86653e00475a71032ffc8a3f9d9aaf894f7fdc8a5742845c63d64e64ab68de77e79c8824eee7321558005466ef0eeae712efa591f9fbfa085dcc3b674

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
251b809b1498d946381576c8c9961bcf

SHA1
aad2ca7dab96bbe34506ea8bd4e730d58403e683

SHA256
94c9aa68ed03ce13e30aa7eb483668a0a28480d8f5790a176b9247a81f2f69d7

SHA512
efc35a313c83aac5fe8670b02466d300dc98cafcd2f9b0c6f23e1fddcc22a4290a047882ce02605866a041a783d298f00b11f129dc0fcb0badc974b82e4383b0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
29250d380a6fd7f9354dc30abb8b505d

SHA1
eb0961167db8bf26f62e175eedffa6d0d0acc2cf

SHA256
ec79da0a73d5dbc433c204b2629cb2bcc31c4edc3318bfcd396f3552c7d242ca

SHA512
d4d7104c32fae99eb0ea863725e38f28737ea7a0b5b928d6d0061fb5728fd810a49b1584bd2ada7f708575db39b61d293af09df22bf783cc6c2e876d0fec14f0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
65dc842030c557565b977339bf1ca65e

SHA1
a10dff5722e92cf28d9680171c5da8fb5b3bc8f5

SHA256
c70f5d11fdfa75e6b8f7dc647922efdc3c1dd48847dffa768f2da85b87849413

SHA512
52f7ae6cf7a00593f21577b1f3d501e60ecc666a31e2932dcdd27db6713b38eb683fb95c73f4bcebf2f3e7463232ed14f01e88e7d3ee1c55a4cd4ac5f990034b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
2a6833892d487e7624f3698beaf2ec17

SHA1
e215f25ab2db8cfcf4bc4b8319cd341e61b99513

SHA256
80d7de48407a977b3214340868f1e574b20bad15d2d094b893e21dba27ac6d75

SHA512
efdd26b9cb9c8be0eeb20295c9eb61f5adcb305954334c1fade7fd1c597bfd6c08655323cff1b004ef320e978a081eef0a5a64b2159d25fe76625a6dd1d07a38

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
6756ef92b71ae183c136d44c4c910b2e

SHA1
daeca00757521582b0a2656767cdc66be13f0ef7

SHA256
4893005b392ad6818a4046b6185bbf4188a2510f31c6e6f6996831cc1788074d

SHA512
d59c64cddf6b881a229afb9bc5ec0e9b743389210bbfa89dcf3f685219bcba94c0bfed8c3bf686511cfe1246d2b41dadb64a21f832fecaf38850408e9f14e03c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\a6f93c3d-41d5-4c3f-9046-5747e47f603b.tmp

Filesize
205KB

MD5
09a6096f380010136fa2217fe4651cc3

SHA1
33dc440db4358c0ba5990fe67b4f4ee50065ad94

SHA256
3cc267a1d4340129fcc2a8956ddd359a1805b4f97cbc334e26189e6391f9f4cb

SHA512
1739e637475fa4179dd0ca6e45f668484c0221a7df0dff3055bf7b2297cd873c19d113344178ac9acca1f8d74bbfed886f4dc92b224b79e4189013a795fb3862

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

Filesize
10KB

MD5
eed1599235b9dd933e13cbd5751d7eec

SHA1
d461f7edc8bdb31b672f97b18d34e38bb7c96c4b

SHA256
13ee96f0fd8b45de1603cea7aa86ddaa749ea580989d6cb806d944f3547fbf43

SHA512
9679690676ef1ede8030e26359381a092eaec7cb671d51e91d8cd446006301bcb98518b977fd5d475e777baa11dd28e69135c517e3b3d74475134bfed4e8da9e

Download Submit
memory/4056-0-0x00007FFFC2B6B000-0x00007FFFC2B6C000-memory.dmp

Filesize
4KB

Download