hxxps://github[.]com/iamtraction/ZOD/archive/refs/heads/master[.]zip

Analysis

max time kernel
45s
max time network
109s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
18/04/2024, 21:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/iamtraction/ZOD/archive/refs/heads/master.zip

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2724	chrome.exe
2724	chrome.exe
2504	chrome.exe
2504	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2724	chrome.exe
Token: SeShutdownPrivilege	2724	chrome.exe
Token: SeShutdownPrivilege	2724	chrome.exe
Token: SeShutdownPrivilege	2724	chrome.exe
Token: SeShutdownPrivilege	2724	chrome.exe
Token: SeShutdownPrivilege	2724	chrome.exe
Token: SeShutdownPrivilege	2724	chrome.exe
Token: SeShutdownPrivilege	2724	chrome.exe
Token: SeShutdownPrivilege	2724	chrome.exe
Token: SeShutdownPrivilege	2724	chrome.exe
Token: SeShutdownPrivilege	2724	chrome.exe
Token: SeShutdownPrivilege	2724	chrome.exe
Token: SeShutdownPrivilege	2724	chrome.exe
Token: SeShutdownPrivilege	2724	chrome.exe
Token: SeShutdownPrivilege	2724	chrome.exe
Token: SeShutdownPrivilege	2724	chrome.exe
Token: SeShutdownPrivilege	2724	chrome.exe
Token: SeShutdownPrivilege	2724	chrome.exe
Token: SeShutdownPrivilege	2724	chrome.exe
Token: SeShutdownPrivilege	2724	chrome.exe
Token: SeShutdownPrivilege	2724	chrome.exe
Token: SeShutdownPrivilege	2724	chrome.exe
Token: SeShutdownPrivilege	2724	chrome.exe
Token: SeShutdownPrivilege	2724	chrome.exe
Token: SeShutdownPrivilege	2724	chrome.exe
Token: SeShutdownPrivilege	2724	chrome.exe
Token: SeShutdownPrivilege	2724	chrome.exe
Token: SeShutdownPrivilege	2724	chrome.exe
Token: SeShutdownPrivilege	2724	chrome.exe
Token: SeShutdownPrivilege	2724	chrome.exe
Token: SeShutdownPrivilege	2724	chrome.exe
Token: SeShutdownPrivilege	2724	chrome.exe
Token: SeShutdownPrivilege	2724	chrome.exe
Token: SeShutdownPrivilege	2724	chrome.exe
Token: SeShutdownPrivilege	2724	chrome.exe
Token: SeShutdownPrivilege	2724	chrome.exe
Token: SeShutdownPrivilege	2724	chrome.exe
Token: SeShutdownPrivilege	2724	chrome.exe
Token: SeShutdownPrivilege	2724	chrome.exe
Token: SeShutdownPrivilege	2724	chrome.exe
Token: SeShutdownPrivilege	2724	chrome.exe
Token: SeShutdownPrivilege	2724	chrome.exe
Token: SeShutdownPrivilege	2724	chrome.exe
Token: SeShutdownPrivilege	2724	chrome.exe
Token: SeShutdownPrivilege	2724	chrome.exe
Token: SeShutdownPrivilege	2724	chrome.exe
Token: SeShutdownPrivilege	2724	chrome.exe
Token: SeShutdownPrivilege	2724	chrome.exe
Token: SeShutdownPrivilege	2724	chrome.exe
Token: SeShutdownPrivilege	2724	chrome.exe
Token: SeShutdownPrivilege	2724	chrome.exe
Token: SeShutdownPrivilege	2724	chrome.exe
Token: SeShutdownPrivilege	2724	chrome.exe
Token: SeShutdownPrivilege	2724	chrome.exe
Token: SeShutdownPrivilege	2724	chrome.exe
Token: SeShutdownPrivilege	2724	chrome.exe
Token: SeShutdownPrivilege	2724	chrome.exe
Token: SeShutdownPrivilege	2724	chrome.exe
Token: SeShutdownPrivilege	2724	chrome.exe
Token: SeShutdownPrivilege	2724	chrome.exe
Token: SeShutdownPrivilege	2724	chrome.exe
Token: SeShutdownPrivilege	2724	chrome.exe
Token: SeShutdownPrivilege	2724	chrome.exe
Token: SeShutdownPrivilege	2724	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2504	chrome.exe
2504	chrome.exe
2504	chrome.exe
2504	chrome.exe
2504	chrome.exe
2504	chrome.exe
2504	chrome.exe
2504	chrome.exe
2504	chrome.exe
2504	chrome.exe
2504	chrome.exe
2504	chrome.exe
2504	chrome.exe
2504	chrome.exe
2504	chrome.exe
2504	chrome.exe
2504	chrome.exe
2504	chrome.exe
2504	chrome.exe
2504	chrome.exe
2504	chrome.exe
2504	chrome.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2504	chrome.exe
2504	chrome.exe
2504	chrome.exe
2504	chrome.exe
2504	chrome.exe
2504	chrome.exe
2504	chrome.exe
2504	chrome.exe
2504	chrome.exe
2504	chrome.exe
2504	chrome.exe
2504	chrome.exe
2504	chrome.exe
2504	chrome.exe
2504	chrome.exe
2504	chrome.exe
2504	chrome.exe
2504	chrome.exe
2504	chrome.exe
2504	chrome.exe
2504	chrome.exe
2504	chrome.exe
2504	chrome.exe
2504	chrome.exe
2504	chrome.exe
2504	chrome.exe
2504	chrome.exe
2504	chrome.exe
2504	chrome.exe
2504	chrome.exe
2504	chrome.exe
2504	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2728	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2724 wrote to memory of 2344	2724	chrome.exe	28
PID 2724 wrote to memory of 2344	2724	chrome.exe	28
PID 2724 wrote to memory of 2344	2724	chrome.exe	28
PID 2724 wrote to memory of 2512	2724	chrome.exe	30
PID 2724 wrote to memory of 2512	2724	chrome.exe	30
PID 2724 wrote to memory of 2512	2724	chrome.exe	30
PID 2724 wrote to memory of 2512	2724	chrome.exe	30
PID 2724 wrote to memory of 2512	2724	chrome.exe	30
PID 2724 wrote to memory of 2512	2724	chrome.exe	30
PID 2724 wrote to memory of 2512	2724	chrome.exe	30
PID 2724 wrote to memory of 2512	2724	chrome.exe	30
PID 2724 wrote to memory of 2512	2724	chrome.exe	30
PID 2724 wrote to memory of 2512	2724	chrome.exe	30
PID 2724 wrote to memory of 2512	2724	chrome.exe	30
PID 2724 wrote to memory of 2512	2724	chrome.exe	30
PID 2724 wrote to memory of 2512	2724	chrome.exe	30
PID 2724 wrote to memory of 2512	2724	chrome.exe	30
PID 2724 wrote to memory of 2512	2724	chrome.exe	30
PID 2724 wrote to memory of 2512	2724	chrome.exe	30
PID 2724 wrote to memory of 2512	2724	chrome.exe	30
PID 2724 wrote to memory of 2512	2724	chrome.exe	30
PID 2724 wrote to memory of 2512	2724	chrome.exe	30
PID 2724 wrote to memory of 2512	2724	chrome.exe	30
PID 2724 wrote to memory of 2512	2724	chrome.exe	30
PID 2724 wrote to memory of 2512	2724	chrome.exe	30
PID 2724 wrote to memory of 2512	2724	chrome.exe	30
PID 2724 wrote to memory of 2512	2724	chrome.exe	30
PID 2724 wrote to memory of 2512	2724	chrome.exe	30
PID 2724 wrote to memory of 2512	2724	chrome.exe	30
PID 2724 wrote to memory of 2512	2724	chrome.exe	30
PID 2724 wrote to memory of 2512	2724	chrome.exe	30
PID 2724 wrote to memory of 2512	2724	chrome.exe	30
PID 2724 wrote to memory of 2512	2724	chrome.exe	30
PID 2724 wrote to memory of 2512	2724	chrome.exe	30
PID 2724 wrote to memory of 2512	2724	chrome.exe	30
PID 2724 wrote to memory of 2512	2724	chrome.exe	30
PID 2724 wrote to memory of 2512	2724	chrome.exe	30
PID 2724 wrote to memory of 2512	2724	chrome.exe	30
PID 2724 wrote to memory of 2512	2724	chrome.exe	30
PID 2724 wrote to memory of 2512	2724	chrome.exe	30
PID 2724 wrote to memory of 2512	2724	chrome.exe	30
PID 2724 wrote to memory of 2512	2724	chrome.exe	30
PID 2724 wrote to memory of 2784	2724	chrome.exe	31
PID 2724 wrote to memory of 2784	2724	chrome.exe	31
PID 2724 wrote to memory of 2784	2724	chrome.exe	31
PID 2724 wrote to memory of 2604	2724	chrome.exe	32
PID 2724 wrote to memory of 2604	2724	chrome.exe	32
PID 2724 wrote to memory of 2604	2724	chrome.exe	32
PID 2724 wrote to memory of 2604	2724	chrome.exe	32
PID 2724 wrote to memory of 2604	2724	chrome.exe	32
PID 2724 wrote to memory of 2604	2724	chrome.exe	32
PID 2724 wrote to memory of 2604	2724	chrome.exe	32
PID 2724 wrote to memory of 2604	2724	chrome.exe	32
PID 2724 wrote to memory of 2604	2724	chrome.exe	32
PID 2724 wrote to memory of 2604	2724	chrome.exe	32
PID 2724 wrote to memory of 2604	2724	chrome.exe	32
PID 2724 wrote to memory of 2604	2724	chrome.exe	32
PID 2724 wrote to memory of 2604	2724	chrome.exe	32
PID 2724 wrote to memory of 2604	2724	chrome.exe	32
PID 2724 wrote to memory of 2604	2724	chrome.exe	32
PID 2724 wrote to memory of 2604	2724	chrome.exe	32
PID 2724 wrote to memory of 2604	2724	chrome.exe	32
PID 2724 wrote to memory of 2604	2724	chrome.exe	32
PID 2724 wrote to memory of 2604	2724	chrome.exe	32

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com/iamtraction/ZOD/archive/refs/heads/master.zip
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef70a9758,0x7fef70a9768,0x7fef70a9778
  2⤵
  PID:2344
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1124 --field-trial-handle=1288,i,12675864379395387005,12451320799774032269,131072 /prefetch:2
  2⤵
  PID:2512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1500 --field-trial-handle=1288,i,12675864379395387005,12451320799774032269,131072 /prefetch:8
  2⤵
  PID:2784
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1532 --field-trial-handle=1288,i,12675864379395387005,12451320799774032269,131072 /prefetch:8
  2⤵
  PID:2604
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2108 --field-trial-handle=1288,i,12675864379395387005,12451320799774032269,131072 /prefetch:1
  2⤵
  PID:2420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2116 --field-trial-handle=1288,i,12675864379395387005,12451320799774032269,131072 /prefetch:1
  2⤵
  PID:2428
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1300 --field-trial-handle=1288,i,12675864379395387005,12451320799774032269,131072 /prefetch:2
  2⤵
  PID:1264
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3640 --field-trial-handle=1288,i,12675864379395387005,12451320799774032269,131072 /prefetch:8
  2⤵
  PID:2588
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3656 --field-trial-handle=1288,i,12675864379395387005,12451320799774032269,131072 /prefetch:8
  2⤵
  PID:1192

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2320

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2504
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef70a9758,0x7fef70a9768,0x7fef70a9778
  2⤵
  PID:2248
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1164 --field-trial-handle=1212,i,649275099553953586,5585617443550992757,131072 /prefetch:2
  2⤵
  PID:2244
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1500 --field-trial-handle=1212,i,649275099553953586,5585617443550992757,131072 /prefetch:8
  2⤵
  PID:1860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1556 --field-trial-handle=1212,i,649275099553953586,5585617443550992757,131072 /prefetch:8
  2⤵
  PID:1320
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2140 --field-trial-handle=1212,i,649275099553953586,5585617443550992757,131072 /prefetch:1
  2⤵
  PID:1604
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2384 --field-trial-handle=1212,i,649275099553953586,5585617443550992757,131072 /prefetch:1
  2⤵
  PID:2836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1372 --field-trial-handle=1212,i,649275099553953586,5585617443550992757,131072 /prefetch:2
  2⤵
  PID:1676
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3004 --field-trial-handle=1212,i,649275099553953586,5585617443550992757,131072 /prefetch:1
  2⤵
  PID:2080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3480 --field-trial-handle=1212,i,649275099553953586,5585617443550992757,131072 /prefetch:8
  2⤵
  PID:1960
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3504 --field-trial-handle=1212,i,649275099553953586,5585617443550992757,131072 /prefetch:8
  2⤵
  PID:2304
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3568 --field-trial-handle=1212,i,649275099553953586,5585617443550992757,131072 /prefetch:8
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:2728
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3872 --field-trial-handle=1212,i,649275099553953586,5585617443550992757,131072 /prefetch:1
  2⤵
  PID:2880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=2556 --field-trial-handle=1212,i,649275099553953586,5585617443550992757,131072 /prefetch:1
  2⤵
  PID:1468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3448 --field-trial-handle=1212,i,649275099553953586,5585617443550992757,131072 /prefetch:1
  2⤵
  PID:1648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=1108 --field-trial-handle=1212,i,649275099553953586,5585617443550992757,131072 /prefetch:8
  2⤵
  PID:1136
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3884 --field-trial-handle=1212,i,649275099553953586,5585617443550992757,131072 /prefetch:8
  2⤵
  PID:1132

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1628

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\7b4d838c-8aed-48b1-a439-839e4f52954f.tmp

Filesize
130KB

MD5
c61b43c961c162934058381a739dc043

SHA1
0fec5f45db20ff6c55eb47fda6e7650847d86c00

SHA256
9c85ddbeaf455d3330da367e6eeae902310a14cda1156efb1fadb8945f4bd159

SHA512
83a5db55cf3c51d9036f1cfafaa4e975af22c7d5b4a00c58d01de783c69575c180e44aba605e76095b376bcbcb1c749bc059db2fd1d8223f8a93850ebc3a68f2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
ecd8ebd0d441c0b49b641fbcd5444d17

SHA1
75760164655f0e440880cfb868a10a01b67b6c90

SHA256
f46d8cdf1812d342e3b49ee242fdba78935d597ccdf86989d165e28696cf62b7

SHA512
99913f343bc9df93bcd6d789c4ddb2378e7f49778836e844bee55de79a98c39a9793331a22c2e6b6f171fd3289c77586a4e32b9d9bbcefd68a0029f6d11d2256

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_0

Filesize
44KB

MD5
a6e31e7ec8681c2eb3c62118d06d1d70

SHA1
fab8643daee35abf3eaf54e6e18c93872c4c8734

SHA256
0d39f33684d34cd53a88a50a044191484ec8ca5b0fd2039437b87300c35d027f

SHA512
64f1dae05b9b02fc768d8b888948a746e9cf2f6492eaa23a7e696518c6fbe7288d1f4a2ffcf66d7cb5d19094be6dac50c9c8a39c13ad246f4b2291c1644ecb3f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_1

Filesize
264KB

MD5
80d2363754a09dc874ec72a40041a09c

SHA1
eef1f752810b1490c1d847ecdc438c96e95a3d85

SHA256
e6d73e8a54d962bffe819b052e49cf2d037257c11af88f8b3117b84afef44ef6

SHA512
f0aa269226b1dd80ac8f94790dbe82b6f0d4e71b495357bcbfd0cb5b898a49ddb9689f6cb269985d38face69095fffd5bf58cf7aee76976bb9acca62d5621f7c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_3

Filesize
4.0MB

MD5
c883ae1d8269bb30c283a824426c363d

SHA1
0110e3ad322b7c2736fed348fa56bd15cb937791

SHA256
ba5d59cc2d6583c4b5ce2cf5da7cb95a0f0f3b7db646896208faf775da7f59dd

SHA512
3e3e84fea148916a11a1900b3c93cb0bcf885bea5f5879186abec9558c0a0a1ba01ca1d808c4dc89d3bdeb642ada4202b818f0bc046ea8974271a7c6f37194e8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOG

Filesize
136B

MD5
392db1babd0c0184d611426d72513b6b

SHA1
85999c9ea7524c909ee82f855ac6e7d867e92d36

SHA256
63a460528dced720bf1a41789c4feb84c91d0c46d6659d37587e135a147961d5

SHA512
fdb1faba918a523710091ff84de98e7e2cf3ab7789f1a24861ac3638d0b9955c995302f8aac93550e5b7670f8242235c332948dbadfd88bb18f9b303ed6a8da4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\MANIFEST-000007

Filesize
50B

MD5
1be22f40a06c4e7348f4e7eaf40634a9

SHA1
8205ec74cd32ef63b1cc274181a74b95eedf86df

SHA256
45a28788cde0d2a0232d19c391eae45777fe640790ac0674d6daa5672c444691

SHA512
b8f6f42d375e3ad8015d744fa2814994fa6e588b41cce0131fca48194dd40146b08169a8ce0da350525ff32a59a16edb503c72e0f07254955c82a0d38074856e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\LOG

Filesize
136B

MD5
7839e3565414049086e405f270bdc201

SHA1
5f778f8c3815a945f75fd36d41b30bb33e03419f

SHA256
1e9c2afcafd16915c832db0642e1eea5d1b17cb9c70ceb9aef13426093d8e138

SHA512
a15591e965ad4a44ca18442938b6598fce916f5f18fa5161f97ff34607973d2f6c7b6e1bc2cb3d3cf0cf24a7c38feb41f43db5e7490816b3d7116bfb0ea3f68d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\History

Filesize
148KB

MD5
c67bb9caf1d82ba7db70c56b4a2b3ee0

SHA1
7f11207ef94d322e2e352f93670a903b1c7af701

SHA256
50e0073cec54df6a45e00e14b08510ee03171491213bc50a832f78c0a7eb6d91

SHA512
6e2bd98d6a164d52cd6b39e2efaf4577165e39f3030ca63ca2c7e6d6622e7fc4a16946ec344d7e1c192c749873c65aeab22b71ca9f329dd66400b76233f189f5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\CURRENT

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG

Filesize
136B

MD5
14de257a7e934c710d73f5de48a60a09

SHA1
575cfd0cf1cf60f60a106c75e9b6b3930dce57ed

SHA256
eab7a08a18ddcaccb4875e7aec772949580d1b764d1c6a5764bcb61b5fbecef5

SHA512
bffd3aae80a91581bb59de7eddac7049f290ae3871333e1cbd214a67fe7229ac3d103610a4972307317925d5a141315d24b4e5b744ff97c72df3222a9ac05fbf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\MANIFEST-000006

Filesize
50B

MD5
78c55e45e9d1dc2e44283cf45c66728a

SHA1
88e234d9f7a513c4806845ce5c07e0016cf13352

SHA256
7b69a2bee12703825dc20e7d07292125180b86685d2d1b9fd097df76fc6791ec

SHA512
f2ad4594024871286b98a94223b8e7155c7934ef4ebb55f25a4a485a059f75b572d21bc96e9b48ed394be8a41fe0208f7bfb6e28a79d75640c5b684f0c848fe3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
629B

MD5
620bd0900011ceb20f3927f638a685bc

SHA1
6102addf2d9750e1520bcba5285601e4dba470ef

SHA256
aa5c1b1d5fbb88f244d93a7bd7a071ad86ccdd30cdf9aeccfea0af4ecc128f6e

SHA512
601094fa67c3c0e7f02aba8d5b4fb97d02a6205e91e4f513793afdf2969806dc1b26f229182c5fd967efe48344a1b487aa861167e581cb9aceb19afee08ecf71

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
686B

MD5
181ce3071876c344408a5d322a1dfdfb

SHA1
6d3f17111a7b3dfba4371ec457400bb01e8f13ea

SHA256
3380e1f7430554043510fd1dadc6461751efff0d0f1805552612b1d455919d64

SHA512
1f725b51ba157f46b877a319bcd44678565568f98c5d2b89e41559b49953e81907cd265d7cc710794b9c7572ed8fbf3db07ecd28986c636dc1b4285370b3a39a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
686B

MD5
a60352932cb1450cf999178a615b7da3

SHA1
606fb714e95b0b78dda6d37e10b29d9d2d45517d

SHA256
267cae9518f242769f4dfff3db1b3034f90056d0f8e3c70f332651f72f704fe8

SHA512
0685472527cc8565edeabda7d323524b65bdc524d7a0ba1a3d28e43ece313a312e31d18e5170d5624334e582e17e7410d1e58039a184fe2a94c88602f9daea96

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
686B

MD5
0c5e442472a84321128ccae3b5710434

SHA1
c62c613fce46e05921876a8470b6daa993aa9132

SHA256
eed66ce994b2da7304e4ba0777627c78c7804dc796750fcde9221ee3193dbe1d

SHA512
0cd5c724664540edb86f616c423df8b698817b5c284a189ff786d5cb1e2d70448d3d3bb8bb2df1d238cc623499d22580c6e6455ca1550d434d41c922fa3d09ca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
c7221440eb6449c975482a2843d4ac07

SHA1
10352c1d1fab616596b829259bfabba9d5871a1c

SHA256
47af21aeb07af96e5c1e4b649e036acc8e7727ec6f2410f99b654aeb1eacb424

SHA512
22b1913e3931a90015df92821363f0145161f4e5d18f65beeb84ae81a59dd880e7dd6b3b2dd125a4747dcc2d73de0efb7fa8936f7221b59270edffc69dfd202b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
9e302856def0a8a0aa178a63334bd91e

SHA1
ceef7c1587d7f8780b8363847a0d4fc310c4eec3

SHA256
cd126c196be516381d7561f9608a5555d88f63aa8cb020d988a4060cb12b7f57

SHA512
96a793a1c1f39281e451f6055bb438492e3fc0b7dbd67065e124bc99470d46b5a1d2bb77b59ba80e9c6ea4134a3b94fbda898c690dc70812e17c89c03258e43d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
78643793bc45ba74a387c5ee964bf187

SHA1
5dc299caa1f9a758cf7d05777da1dbb52b65f06f

SHA256
b8e671d21ecd41c95af55bf230aa558df89fbb236c44ec7fc6072ec98a44aba1

SHA512
4428490bedc8e978c7cd47296171fe1c43c731e6910fcf5ed40b7341a70fc74b02d4891b252363118767d4f9da3a2639243bf23f00ba28936a9a27abb105532e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
5724f7f0b403c1f855a274088cd7ddb4

SHA1
eb0598af3f452dae821460c2eb910efa02bcca0c

SHA256
f46baddc25d1592339789cb7cc0de16060ccd994f0befaf246c88228247dd224

SHA512
dbd17a89e7f4ed9a68eefe2a76ee8461646c1c13953f1790780847f55c6118a4b701e10342e12bef98a9bde8e0db82b0102d6428281befa66af76496bc9ea823

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\000009.log

Filesize
38B

MD5
e9c694b34731bf91073cf432768a9c44

SHA1
861f5a99ad9ef017106ca6826efe42413cda1a0e

SHA256
01c766e2c0228436212045fa98d970a0ad1f1f73abaa6a26e97c6639a4950d85

SHA512
2a359571c4326559459c881cba4ff4fa9f312f6a7c2955b120b907430b700ea6fd42a48fbb3cc9f0ca2950d114df036d1bb3b0618d137a36ebaaa17092fe5f01

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOG

Filesize
247B

MD5
4a5dd905e2cfd8114c0870bbb9eba5c0

SHA1
ee98942b6b969778b751a6978855649d969b968f

SHA256
edcdf59a0cb7cc16c4b4812da9318558390c3ece07392548d93f78eb38496cde

SHA512
94b5caeaf911bf195ec5095f7c9e9a8f13f56031b4106bdc1e243c6cf118067712021a6b7360e36de5ccdd7f77e1735bc9962f1d717beeb872e0cb7d585d7d9b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\MANIFEST-000007

Filesize
90B

MD5
b6d5d86412551e2d21c97af6f00d20c3

SHA1
543302ae0c758954e222399987bb5e364be89029

SHA256
e0b2fdc217d9c571a35f41c21ed2596309f3f00a7297a8d1ded05f54f0e68191

SHA512
5b56ae73a61add9e26f77d95c9b823f82a7fcdc75eed64b388fb4967f5c6c42cb0796b0b99dc25c89f38952786176c10d173dec7862a8a5ce5f820280f72d665

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sessions\Session_13357951166337200

Filesize
418B

MD5
c9dc4a32544809670428418a3fb26902

SHA1
d98bb8937710ac99ada3fb625b85b1d154c99768

SHA256
4acf24cf86989df64121906513e61068965fcf42063c47e24f485f594f0633e7

SHA512
9521d936d5e0fc46fa2b4e0969d246b71103c17ae8f51162922abda29d329530632dd30d0ba561666d312ed3d78bc090f58d736fdb4965c117d3531d4e16bc2e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG

Filesize
136B

MD5
9eaa30f3fafcc8982522871d50f88918

SHA1
1d701ced0b554c5d0dfcb17b9e1e67a6c33cab0a

SHA256
a1e09c65e416b8946cc2613f46cd752bb2a9e0e77298df69793578229da692de

SHA512
a0d411ebd87fbb4b9b8241a2c33121ec382254118a5d3fb6c6722ff6857793aaa48c9f1e29c8f4cc3cbbf7ccceba1a789ec965b16723bb2f7b1f17269eeefbf7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\MANIFEST-000007

Filesize
107B

MD5
22b937965712bdbc90f3c4e5cd2a8950

SHA1
25a5df32156e12134996410c5f7d9e59b1d6c155

SHA256
cad3bbec41899ea5205612fc1494fa7ba88847fb75437a2def22211a4003e2eb

SHA512
931427ad4609ab4ca12b2ee852d4965680f58602b00c182a2d340acf3163d888be6cfad87ca089f2b47929ddfa66be03ab13a6d24922397334d6997d4c8ede3b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000009.dbtmp

Filesize
16B

MD5
979c29c2917bed63ccf520ece1d18cda

SHA1
65cd81cdce0be04c74222b54d0881d3fdfe4736c

SHA256
b3524365a633ee6d1fa9953638d2867946c515218c497a5ec2dbef7dc44a7c53

SHA512
e38f694fd6ab9f678ae156528230d7a8bfb7b59a13b227f59f9c38ab5617db11ebb6be1276323a905d09c4066a3fe820cf58077ab48bf201f3c467a98516ee7a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG

Filesize
136B

MD5
b07e2429eafade3d1dd2812596bcf908

SHA1
8fdcad796c2aac4c8ccf1c42b02fab3e21f8b0ff

SHA256
6b9625a2b8b66467f575f60ff0cc1ab93e8774e81f637ee23caa8090c3a9b00d

SHA512
21042362f3050c1fb4f717c5b1818ed042d0091ec4bdc53a3ad27668ade6edda8ef017275353439ae6de7f4c941ab98bef0492747db804fec71da7333cf7961c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\MANIFEST-000007

Filesize
117B

MD5
2ac0494b5c4c6d605281ee87339a0cc7

SHA1
6ea0fd5480bd086ed4110d0622388574f0222666

SHA256
53161ecf97484ce07e22fbed3f642f3c1daec51a22b84be407522e5d38d2afbd

SHA512
77c6a0422b17b90dcc84094e184020613bfc7f71f07bb6fe15a68f48330e7b374c5228d65606341248983e3ec17c9b30a61e31ebdfac73f7e6abeb9d2b5f8f7e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\000008.ldb

Filesize
400B

MD5
db5ea13a0bb4c61c110db6e4612b7230

SHA1
0f4ec2ab56ccfdb5251eb9a12448f762a8f7f350

SHA256
018b3fca4227bde2c3d8b8de8abce37045807b8d6a8588ea679fd81987b7518e

SHA512
45c5af252a92afdbb338a987337423b748b91bfbec2023714a067162573ec3e6144338dd3745077ab245b84a8f294e54d3a0776fdd2ad1fe001e14cf4dfaa0bd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\000009.log

Filesize
2KB

MD5
2e114cc2a6a8d10e56f5a6d862cad693

SHA1
0c6f64326595313be1a1b7c7b082d50dfca9a9f0

SHA256
ab559363bc9b527ba9e151d1acba879f00d5627f4166c229b3db14a3d27fcf85

SHA512
dfc83d2993b40a33b3ebae05cbe8b9c7defa3df7833e680162bb621fe2431a3932056ca082e76907e0ffae31c067476693ecc3209e2293b7249a65528b934e86

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\LOG

Filesize
249B

MD5
62e73b4daeeb6aee4140966d6fd76272

SHA1
d2cc64ea9a9fb521d345320ece81f394d8c6da41

SHA256
12a59a4b61007d452909b1220ba3c0a85ccb31dba122195a56b2c2d5557c8235

SHA512
39bc73d1514bb54607fecef4a060944ce48d1aac2e08f7fdbe2cd476dafd369f209b61e1e9de598a1fc8263f5696f99328139f3537548f88902dc5de298a7514

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\MANIFEST-000007

Filesize
98B

MD5
76b4e2c4aa0677e749a7f76c77898a94

SHA1
09e61694c26a671cbb6fb80993a1d4312ae8bba7

SHA256
ab1938aaa5b5245e6accd880a87a7980a00ce07e338003543db947bfd9243568

SHA512
d33328f1da8e53c292b772b09533a64f75e59382dad035798412c79e95f99d4a2ca380c19c63abf06a44be2b3d4035fac74dec258c33456454e7f1c036deef2e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\000008.ldb

Filesize
300B

MD5
dfbf8619ea282eeee79762be8621c4b4

SHA1
5d0c03adc38165d851921a9c39ffb2aa88bf71c2

SHA256
4be62f808396c1b0737abd8ab156da6273c11d4e9709e31329cb469dfecf7c5a

SHA512
6ff64badf3b31fc52cee3d99d067a916f22f55cfcebcaf6aed573519d4318bc7f29e0d514a7f009750c89d7775325838baa7f3314922d46f95b7ddb99e0f3485

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\000009.log

Filesize
90B

MD5
fa79b11d476f0533264a91181a143daf

SHA1
ecf557ea0f43d71c606254b3b5aae07e9895979d

SHA256
fc23251ccc379fb7927e87e2bfbdd7dfad72dd653837e3acd40a579191869d4b

SHA512
afd2bdc6c9b52c790df382d11b5a70b97415045d6edb2f3f609839ac57d404e209b8ed7bef6fe3df448f5aaf212eca8849b1a01525048a422d6db025af4a2845

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\000010.dbtmp

Filesize
16B

MD5
60e3f691077715586b918375dd23c6b0

SHA1
476d3eab15649c40c6aebfb6ac2366db50283d1b

SHA256
e91d13722e31f9b06c5df3582cad1ea5b73547ce3dc08b12ed461f095aad48ee

SHA512
d1c146d27bbf19362d6571e2865bb472ce4fe43dc535305615d92d6a2366f98533747a8a70a578d1f00199f716a61ce39fac5cab9dd67e9c044bc49e7343130e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\CURRENT

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\LOG

Filesize
249B

MD5
c6b92f91b70b8fa9e8d57a98ba4d4425

SHA1
43d5607e3a9edd84fdf5ba6a5bfd47299d0236d2

SHA256
bc6d20259eb14e58c53f93cf1411ac5a2d995c00bb63a4583e9afe6ad3d58333

SHA512
4db9053b7a0dcf445597f85614ddbd1d698cf95e11b93b03d20eee9e1aa712ae381469d9989dc1cfe2e92633fec3f5aee5f0f9b636f82d682f9637538759b28e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\MANIFEST-000007

Filesize
118B

MD5
52142f50257a71384802a4e75800c7bf

SHA1
7b4c251111a0ebc8ee1a800bc83189ea77f15a3f

SHA256
99b859fb7e30e9e08492378b790da09f97c43c1b51e51861058a08d6578442dc

SHA512
26b36bf33179a0cf3f0e8687931cd660b8cb156e6e0cf62f36b3c29c46c8a00de5899e5b73fb7e35cba0e8c14ac7c4e065f9356552a04f247e7e9bab7c6ec260

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_1

Filesize
264KB

MD5
af5b671f82ef4d45947cfdb1a1aa1c16

SHA1
d4e4bd474b8a6bfb59e15930373d6daa40f4e363

SHA256
9feb4abbd1d130679208ed19870f9ab05c433cc314c6c62f551e00d3401fdfdc

SHA512
b597c6d0a89bf20a2ee64a8ad5a5748c94ce967d9eb2f476f32eab515b49541567c511f6a826ef5dd96bc4e7bf343d18a3d27052629d07a160af2e2be0918414

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Browser

Filesize
106B

MD5
de9ef0c5bcc012a3a1131988dee272d8

SHA1
fa9ccbdc969ac9e1474fce773234b28d50951cd8

SHA256
3615498fbef408a96bf30e01c318dac2d5451b054998119080e7faac5995f590

SHA512
cea946ebeadfe6be65e33edff6c68953a84ec2e2410884e12f406cac1e6c8a0793180433a7ef7ce097b24ea78a1fdbb4e3b3d9cdf1a827ab6ff5605da3691724

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version

Filesize
14B

MD5
9eae63c7a967fc314dd311d9f46a45b7

SHA1
caba9c2c93acfe0b9ceb9ab19b992b0fc19c71cf

SHA256
4288925b0cf871c7458c22c46936efb0e903802feb991a0e1803be94ca6c251d

SHA512
bed924bff236bf5b6ce1df1db82e86c935e5830a20d9d24697efd82ca331e30604db8d04b0d692ec8541ec6deb2225bcc7d805b79f2db5726642198ecf6348b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
130KB

MD5
6b114f4c6c010e22fbe834f6dd7b6f73

SHA1
02d112be35070f741257259fdd77f8152d082813

SHA256
a837a0c7127bbcb8048db80b81d5a240731cdc5f8e3b0fff17daffc28040dea4

SHA512
ce71237f44d97760abaa8b65bb551d87f1023f76fc53470859a74ebc70a8a6e388f1b88035a7e0dda23ed082aad7c638a8662049f6e7e9b59fb61e3252bf3fad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
265KB

MD5
bd4fadc91e07543e6ddb485624c46579

SHA1
bd440930449be44321fb2ee914ed8a2d01971bb1

SHA256
a886eb0247af74bc1814021af4b75534eb1904a229c0b04157e2099bad24919e

SHA512
eda924a0c40a2c62d3049cee6039f8c3c439f14c704f3bc597c6ee634c56a610542b48227500b3544bf527f69485cec1c983e8fdf3557b3331ca6d007241c7b3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
404b2ef5072dddbdfde1fb06a88c5a6b

SHA1
3c4169a154305c45b91e6f753a396e84fe80a540

SHA256
cabb3ccbeb909d6948e0aaac88fe38e990d359fbc60fef1375dc098a96d7581d

SHA512
32f0044f2650bfcf5966f1248d9037de6d09811b5edc6b2f1ebe20e84ac1310bfdaa177bd0ff5aa6bf88c0acd0ebe099b9a4850d1456b7432bbbf8db69d327d2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

Filesize
86B

MD5
961e3604f228b0d10541ebf921500c86

SHA1
6e00570d9f78d9cfebe67d4da5efe546543949a7

SHA256
f7b24f2eb3d5eb0550527490395d2f61c3d2fe74bb9cb345197dad81b58b5fed

SHA512
535f930afd2ef50282715c7e48859cc2d7b354ff4e6c156b94d5a2815f589b33189ffedfcaf4456525283e993087f9f560d84cfcf497d189ab8101510a09c472

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\chrome_shutdown_ms.txt

Filesize
4B

MD5
71184b141035498f5cb2603068d6e76d

SHA1
4ff1e92099f66ef88e0285660f626f1298a4cf74

SHA256
c8800e421159862288e828cd0dc94a8dcd997ceddb2992e4047b560a26c7108a

SHA512
73c441dce6fce4ad6386f2e2e996a25d6003080c4b8ab0bba30c173eb8997d36717627f3c28fdadfbf679974cb8503ce1b2cff00322b2394410529cc5649403f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar9525.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit