hxxps://www[.]youtube[.]com/

Analysis

max time kernel
73s
max time network
86s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
01/04/2023, 09:02

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://www.youtube.com/

Score

6^/10

persistence

Malware Config

Signatures

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\Software\Microsoft\Windows\CurrentVersion\Run	chrome.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133248205783215482"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1675742406-747946869-1029867430-1000\{B2EA513A-4357-4099-AB4D-74EF22D4E310}	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	5032	chrome.exe
Token: SeCreatePagefilePrivilege	5032	chrome.exe
Token: SeShutdownPrivilege	5032	chrome.exe
Token: SeCreatePagefilePrivilege	5032	chrome.exe
Token: SeShutdownPrivilege	5032	chrome.exe
Token: SeCreatePagefilePrivilege	5032	chrome.exe
Token: SeShutdownPrivilege	5032	chrome.exe
Token: SeCreatePagefilePrivilege	5032	chrome.exe
Token: SeShutdownPrivilege	5032	chrome.exe
Token: SeCreatePagefilePrivilege	5032	chrome.exe
Token: SeShutdownPrivilege	5032	chrome.exe
Token: SeCreatePagefilePrivilege	5032	chrome.exe
Token: SeShutdownPrivilege	5032	chrome.exe
Token: SeCreatePagefilePrivilege	5032	chrome.exe
Token: SeShutdownPrivilege	5032	chrome.exe
Token: SeCreatePagefilePrivilege	5032	chrome.exe
Token: SeShutdownPrivilege	5032	chrome.exe
Token: SeCreatePagefilePrivilege	5032	chrome.exe
Token: 33	1436	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1436	AUDIODG.EXE
Token: SeShutdownPrivilege	5032	chrome.exe
Token: SeCreatePagefilePrivilege	5032	chrome.exe
Token: SeShutdownPrivilege	5032	chrome.exe
Token: SeCreatePagefilePrivilege	5032	chrome.exe
Token: SeShutdownPrivilege	5032	chrome.exe
Token: SeCreatePagefilePrivilege	5032	chrome.exe
Token: SeShutdownPrivilege	5032	chrome.exe
Token: SeCreatePagefilePrivilege	5032	chrome.exe
Token: SeShutdownPrivilege	5032	chrome.exe
Token: SeCreatePagefilePrivilege	5032	chrome.exe
Token: SeShutdownPrivilege	5032	chrome.exe
Token: SeCreatePagefilePrivilege	5032	chrome.exe
Token: SeShutdownPrivilege	5032	chrome.exe
Token: SeCreatePagefilePrivilege	5032	chrome.exe
Token: SeShutdownPrivilege	5032	chrome.exe
Token: SeCreatePagefilePrivilege	5032	chrome.exe
Token: SeShutdownPrivilege	5032	chrome.exe
Token: SeCreatePagefilePrivilege	5032	chrome.exe
Token: SeShutdownPrivilege	5032	chrome.exe
Token: SeCreatePagefilePrivilege	5032	chrome.exe
Token: SeShutdownPrivilege	5032	chrome.exe
Token: SeCreatePagefilePrivilege	5032	chrome.exe
Token: SeShutdownPrivilege	5032	chrome.exe
Token: SeCreatePagefilePrivilege	5032	chrome.exe
Token: SeShutdownPrivilege	5032	chrome.exe
Token: SeCreatePagefilePrivilege	5032	chrome.exe
Token: SeShutdownPrivilege	5032	chrome.exe
Token: SeCreatePagefilePrivilege	5032	chrome.exe
Token: SeShutdownPrivilege	5032	chrome.exe
Token: SeCreatePagefilePrivilege	5032	chrome.exe
Token: SeShutdownPrivilege	5032	chrome.exe
Token: SeCreatePagefilePrivilege	5032	chrome.exe
Token: SeShutdownPrivilege	5032	chrome.exe
Token: SeCreatePagefilePrivilege	5032	chrome.exe
Token: SeShutdownPrivilege	5032	chrome.exe
Token: SeCreatePagefilePrivilege	5032	chrome.exe
Token: SeShutdownPrivilege	5032	chrome.exe
Token: SeCreatePagefilePrivilege	5032	chrome.exe
Token: SeShutdownPrivilege	5032	chrome.exe
Token: SeCreatePagefilePrivilege	5032	chrome.exe
Token: SeShutdownPrivilege	5032	chrome.exe
Token: SeCreatePagefilePrivilege	5032	chrome.exe
Token: SeShutdownPrivilege	5032	chrome.exe
Token: SeCreatePagefilePrivilege	5032	chrome.exe

Suspicious use of FindShellTrayWindow 27 IoCs

pid	Process
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5032 wrote to memory of 4644	5032	chrome.exe	83
PID 5032 wrote to memory of 4644	5032	chrome.exe	83
PID 5032 wrote to memory of 1788	5032	chrome.exe	84
PID 5032 wrote to memory of 1788	5032	chrome.exe	84
PID 5032 wrote to memory of 1788	5032	chrome.exe	84
PID 5032 wrote to memory of 1788	5032	chrome.exe	84
PID 5032 wrote to memory of 1788	5032	chrome.exe	84
PID 5032 wrote to memory of 1788	5032	chrome.exe	84
PID 5032 wrote to memory of 1788	5032	chrome.exe	84
PID 5032 wrote to memory of 1788	5032	chrome.exe	84
PID 5032 wrote to memory of 1788	5032	chrome.exe	84
PID 5032 wrote to memory of 1788	5032	chrome.exe	84
PID 5032 wrote to memory of 1788	5032	chrome.exe	84
PID 5032 wrote to memory of 1788	5032	chrome.exe	84
PID 5032 wrote to memory of 1788	5032	chrome.exe	84
PID 5032 wrote to memory of 1788	5032	chrome.exe	84
PID 5032 wrote to memory of 1788	5032	chrome.exe	84
PID 5032 wrote to memory of 1788	5032	chrome.exe	84
PID 5032 wrote to memory of 1788	5032	chrome.exe	84
PID 5032 wrote to memory of 1788	5032	chrome.exe	84
PID 5032 wrote to memory of 1788	5032	chrome.exe	84
PID 5032 wrote to memory of 1788	5032	chrome.exe	84
PID 5032 wrote to memory of 1788	5032	chrome.exe	84
PID 5032 wrote to memory of 1788	5032	chrome.exe	84
PID 5032 wrote to memory of 1788	5032	chrome.exe	84
PID 5032 wrote to memory of 1788	5032	chrome.exe	84
PID 5032 wrote to memory of 1788	5032	chrome.exe	84
PID 5032 wrote to memory of 1788	5032	chrome.exe	84
PID 5032 wrote to memory of 1788	5032	chrome.exe	84
PID 5032 wrote to memory of 1788	5032	chrome.exe	84
PID 5032 wrote to memory of 1788	5032	chrome.exe	84
PID 5032 wrote to memory of 1788	5032	chrome.exe	84
PID 5032 wrote to memory of 1788	5032	chrome.exe	84
PID 5032 wrote to memory of 1788	5032	chrome.exe	84
PID 5032 wrote to memory of 1788	5032	chrome.exe	84
PID 5032 wrote to memory of 1788	5032	chrome.exe	84
PID 5032 wrote to memory of 1788	5032	chrome.exe	84
PID 5032 wrote to memory of 1788	5032	chrome.exe	84
PID 5032 wrote to memory of 1788	5032	chrome.exe	84
PID 5032 wrote to memory of 1788	5032	chrome.exe	84
PID 5032 wrote to memory of 4416	5032	chrome.exe	85
PID 5032 wrote to memory of 4416	5032	chrome.exe	85
PID 5032 wrote to memory of 3976	5032	chrome.exe	86
PID 5032 wrote to memory of 3976	5032	chrome.exe	86
PID 5032 wrote to memory of 3976	5032	chrome.exe	86
PID 5032 wrote to memory of 3976	5032	chrome.exe	86
PID 5032 wrote to memory of 3976	5032	chrome.exe	86
PID 5032 wrote to memory of 3976	5032	chrome.exe	86
PID 5032 wrote to memory of 3976	5032	chrome.exe	86
PID 5032 wrote to memory of 3976	5032	chrome.exe	86
PID 5032 wrote to memory of 3976	5032	chrome.exe	86
PID 5032 wrote to memory of 3976	5032	chrome.exe	86
PID 5032 wrote to memory of 3976	5032	chrome.exe	86
PID 5032 wrote to memory of 3976	5032	chrome.exe	86
PID 5032 wrote to memory of 3976	5032	chrome.exe	86
PID 5032 wrote to memory of 3976	5032	chrome.exe	86
PID 5032 wrote to memory of 3976	5032	chrome.exe	86
PID 5032 wrote to memory of 3976	5032	chrome.exe	86
PID 5032 wrote to memory of 3976	5032	chrome.exe	86
PID 5032 wrote to memory of 3976	5032	chrome.exe	86
PID 5032 wrote to memory of 3976	5032	chrome.exe	86
PID 5032 wrote to memory of 3976	5032	chrome.exe	86
PID 5032 wrote to memory of 3976	5032	chrome.exe	86
PID 5032 wrote to memory of 3976	5032	chrome.exe	86

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://www.youtube.com/
1⤵
- Adds Run key to start application
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb36c49758,0x7ffb36c49768,0x7ffb36c49778
  2⤵
  PID:4644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1780 --field-trial-handle=1844,i,3824217891887344469,16510984577692975156,131072 /prefetch:2
  2⤵
  PID:1788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1624 --field-trial-handle=1844,i,3824217891887344469,16510984577692975156,131072 /prefetch:8
  2⤵
  PID:4416
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2232 --field-trial-handle=1844,i,3824217891887344469,16510984577692975156,131072 /prefetch:8
  2⤵
  PID:3976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3140 --field-trial-handle=1844,i,3824217891887344469,16510984577692975156,131072 /prefetch:1
  2⤵
  PID:3496
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3156 --field-trial-handle=1844,i,3824217891887344469,16510984577692975156,131072 /prefetch:1
  2⤵
  PID:4148
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4492 --field-trial-handle=1844,i,3824217891887344469,16510984577692975156,131072 /prefetch:1
  2⤵
  PID:4444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4992 --field-trial-handle=1844,i,3824217891887344469,16510984577692975156,131072 /prefetch:8
  2⤵
  PID:3512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5164 --field-trial-handle=1844,i,3824217891887344469,16510984577692975156,131072 /prefetch:8
  2⤵
  PID:3504
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5004 --field-trial-handle=1844,i,3824217891887344469,16510984577692975156,131072 /prefetch:8
  2⤵
  - Modifies registry class
  PID:320
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5508 --field-trial-handle=1844,i,3824217891887344469,16510984577692975156,131072 /prefetch:8
  2⤵
  PID:4900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4844 --field-trial-handle=1844,i,3824217891887344469,16510984577692975156,131072 /prefetch:8
  2⤵
  PID:1836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5364 --field-trial-handle=1844,i,3824217891887344469,16510984577692975156,131072 /prefetch:8
  2⤵
  PID:4896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5508 --field-trial-handle=1844,i,3824217891887344469,16510984577692975156,131072 /prefetch:8
  2⤵
  PID:2252
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5656 --field-trial-handle=1844,i,3824217891887344469,16510984577692975156,131072 /prefetch:8
  2⤵
  PID:1560
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5372 --field-trial-handle=1844,i,3824217891887344469,16510984577692975156,131072 /prefetch:8
  2⤵
  PID:3964

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2860

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x3f4 0x470
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1436

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
480B

MD5
d1f8f21cdd3467d4bae8bc8d57fb3182

SHA1
8e642b424cdd04c69486dffa51c934cc85e3fd41

SHA256
e5ca22dfea1a11933a2699d0cddbaf40560d35822c980d49394a7d080483331d

SHA512
208d46cfa207bf19dd9bce57d2171a81be74a1bdde83ff712fa258ff48382e052fc53e09ceb250703bffdf4b0bd1864f2b27c910948d77d4e4d84085e0a04040

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

Filesize
264KB

MD5
3a4b31fad73797a6886b5b81bf576954

SHA1
7c391ae61ef91222c3a322b7ffdc28377c570916

SHA256
96aae7c989a8d176216880be4a2f4214d42fbca4ed2addfddb82a755892848ac

SHA512
5ccd014decc9f94ace1eae752bf2b195668b3a4df03c944c2cc37c3821c24bf2c9a612686653fcfcd47766b3b4a5edf3d1548c3de6a493c34871e9bd347df87f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
0f26fda3577ac6ed91dfd4dfdae50961

SHA1
2351bfad7a119757cbaf2420314b55b1c6c42e84

SHA256
d7974cd2753cf844da6da8079dc0b695dd15a6306644cb43797dee67538e456c

SHA512
005fa57397c01a2a422aa8906950f8f1a7e2f81175b38eaa12fb4a053f40da9220e574e7ae374f1872480c503b77de18bb97d31e89ca2e6c2f9f5496a94716ae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
707B

MD5
cc3ce6a3c9c35c43fc4699bd02dcda65

SHA1
d244dae0b1b297c965d6994d88e487e47fc05355

SHA256
2cfeca21c854e65b06fa3b1a57463cc247916441d6034ff37f7b8f06fbb00c06

SHA512
ff6dbc68c1f0c02a01f9e98ddecb4411ff43ad0b60f253fa2d4c4950f877d12db4ec4b0f274b3f65909ba9ceac8b7b37a60e865545b79131fd82dd21d7acb09b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
874B

MD5
362135e0be278959e6c1f03763d9a1e1

SHA1
3b7e07791a8742758eded3d0746b6c1bb4386751

SHA256
ea85623f323b93d57719ef195107dbb52a9ab98f40563b6eb5aa42358f20ea0f

SHA512
99cbdb6e02437ce46b7cbc20aed84595b1d628726ec51156a0ee62416a84ea91fa6a55abd9f1b2d17ead1bd88bc1a70769c50ad6041e67b97990a87eaf5140f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
9a8f517f24749dca5eff142173247f68

SHA1
92f8cb2c751c795fdb3f60bdeed228405425c999

SHA256
f7fb702c96304f5ad3cf8c5054e35c3b8ee12edefd9e482562ca2c9c2db970b9

SHA512
a12e13f3492ba1ddea51e3190ab19700020f14c9a09ed479c75c1cc9eb7dfcade62bf98cfeac60ec0b78d971703c8160ed315b9aa12c1040f5200b4915540430

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
f1cbc840947419d5e5e72277ec9b2346

SHA1
97b451fe932d138331edb7bb89e85056cf9c7314

SHA256
f14bd8b29986547336b097ddfeb5a15412e867c2ab579319c4ceb6d6a9688b1d

SHA512
bf65b84293faced6cdd574d60bad7c669ba7fa2ddbf051f01e55d68b794bf80335006e70794aa70fefeb42decb95a4e2ca4db4b768a86a799df532c2e83363b0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
92487cba274be865c28e49f21696ad39

SHA1
d62b43e4243b4a1359be51870feda322a0c6dcbb

SHA256
80dd9a24753cf4db29489deb8c91680c315721e9b2c76b54f95a61aeb5fa1343

SHA512
536d3b2160712013605abae68646b8cfa5d21ed67a5f3ebd95febd576c6582a7df4b855d1ebcd764aace5104b563687d489f856784340e1c168a3a3447861794

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
163313bb8fc3f0679005f0a0926da75f

SHA1
4dd986d1c6ed83a6b46f0fe29ec7bf27d7b86f80

SHA256
e50837d52b861c95f7f0c38ea410bf0f330b6353d152f64d7306b4e28f1c8ef4

SHA512
192a25d48d2bd98ec0df92eb90cdff1b244697f07e1726656186046c89b76b545a1a8cfddd51b5fb68193b7905574c9c73d962e2cb2d997a13bfb5c5d232beac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
817a0acec8ae31e7660d112b05a1f9ca

SHA1
2fe9d2946b574ea98b675ab692f54347c280363c

SHA256
636d021b2c8095160f8e596df83ad4a4c1475c452749a3c35aea3ea449651d6c

SHA512
b9b1aa37bf14f391784a815427439ff60994a11843c61e3a54c698c37c7d209e6c6c0e3dea0e72e1ba86414d2aea7fa120d7f6209502c8b467e9e1b38ae7fa47

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\59f45cf0-4c38-4b75-84ce-b8dbdc5e3020\d5723baa59c92c1b_0

Filesize
2KB

MD5
72b4f8185efbebb2bbdb2aa9bbfc622a

SHA1
e4cc696df154711644e165ac93cc22c8c8a39a38

SHA256
7aeba1431c1dc54547fbdd2f46cfa665f48f813924cbd96c39af2d6d3ef379f7

SHA512
a75679a11eb05c51771a647763134581b9d68b2e9103e367ea2f7b7184e1fec2a40a6db21c0bef9c267a3fad6838a7bd41b958554f7497ba1b8bbd5807aa4fb4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\59f45cf0-4c38-4b75-84ce-b8dbdc5e3020\index-dir\the-real-index

Filesize
624B

MD5
9f938372c7b3d99137da7df58539d7a9

SHA1
e5b321e269f06fddf0c42feb9719e470562cee44

SHA256
8dc7f31a41b40982c9cd71202b39165f866f3517aa8e9020c3a7e8174aad3d81

SHA512
214fd00e39fe3985f08dd56262b79cda5f56a1dd82b8f7ebe9e69e5a5ae4599158b0f8e829916fa8627da3d7c002e0409b8414d6d5a6c2592983e1f789b4c602

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\59f45cf0-4c38-4b75-84ce-b8dbdc5e3020\index-dir\the-real-index~RFe56e40c.TMP

Filesize
48B

MD5
811bc1ed17b725b1b725bdefd45c1527

SHA1
74806f063658fd3affa3767c5b3b1225a85cd43d

SHA256
7079cc5cc93dbfe2edcec212a33bad85dd9ecf961902650c03a7f419b8e5ca77

SHA512
66929c7583faae37fae0232b25c00172e4c4b96e10f94e43835204b2339c44d396218eee858fcd1052cb1d9bd38ff7e3e70544294767fd7c9d40a942bdf14546

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
125B

MD5
8f1de186e00a9ac39f29de7f65333e2e

SHA1
35a5e84a3951bbb71bb4bfa5c0677460449b7a9c

SHA256
a727a925104b00a7c982d9d7fb10e313be876bad82383638246bf2d3587ebbd5

SHA512
041fff00753b3015320ef7b5eb409795cec0acf25d61f7d66c455898dea455c67a81ac88c4597c3c10302d2a980ed7cc7bf8c01211cbf8fe26c984bd8bb33533

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
56B

MD5
ae1bccd6831ebfe5ad03b482ee266e4f

SHA1
01f4179f48f1af383b275d7ee338dd160b6f558a

SHA256
1b11047e738f76c94c9d15ee981ec46b286a54def1a7852ca1ade7f908988649

SHA512
baf7ff6747f30e542c254f46a9678b9dbf42312933962c391b79eca6fcb615e4ba9283c00f554d6021e594f18c087899bc9b5362c41c0d6f862bba7fb9f83038

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
129B

MD5
01eb2aa9bb537b335242811e197bc2fa

SHA1
227e6c8a9c9b290778bf84069db1b4f3fe5d2693

SHA256
3454cf122e0faba64e104e7d12e0331ee7f0ec5e06d109fbde36f9bccc6eb4eb

SHA512
7bfaab0e7cdddaf3578a04d6875129c21874c19941bf6c1cbe6b12fe5936e85c64406ac171fea958765cc1f6b7212fec4230d7c0b1a7d6b20ccf07099a1a3901

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe56809e.TMP

Filesize
120B

MD5
44f9b25aa3289426921309715ccbba87

SHA1
965d38fa2ef7edc85ba338c8f6fca2a8f34c158f

SHA256
252d01afb5ccd7e428f8abecc974d67fc94beaa8cc534501592bebb029dcbd53

SHA512
4721ca86fdcb9ded7c6545886d583d09ab9f1f9006dec582b7a81db3503da5a0ba490ff51e4516daa875a9bdf43c43d0256ac1506bb9f0fb9da8ae40738e2e44

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
fb84009e9416b3635ddc04eaf3812d1e

SHA1
24cab83adc7b2d4787322093544437e0216db917

SHA256
0858077da4aa4fa2d65f3aed1fc43e84ac1ef17a00c2e648fec76d003e14e907

SHA512
c6724dc7c5d41ae402ed5811c46f04e7f2a0a36c9f28a69ce57b62f65f1affec0c92e776533692d633acd4f40f9de309c80a41600d31b47bc31c1ccd01076887

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe56d15e.TMP

Filesize
48B

MD5
a0b815c4dbd520c3e2982a8c04e808a8

SHA1
1d86c9e9c7cad087a3be90023be36021d153bc90

SHA256
cc16fedd806b749b665fa0c82d6435edc71c9a4aeb03d5738754b138e780e89a

SHA512
437195134768141117fe73bd406cc0e0297e528541d22ed855f8ebb57bed279bcf2dfa5481a350d81ad73c76cfac90b47f108b3daa67260f90eef760398e4661

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir5032_1427837907\Shortcuts Menu Icons\Monochrome\0\512.png

Filesize
2KB

MD5
12a429f9782bcff446dc1089b68d44ee

SHA1
e41e5a1a4f2950a7f2da8be77ca26a66da7093b9

SHA256
e1d7407b07c40b5436d78db1077a16fbf75d49e32f3cbd01187b5eaaa10f1e37

SHA512
1da99c5278a589972a1d711d694890f4fd4ec4e56f83781ab9dee91ba99530a7f90d969588fa24dce24b094a28bdecbea80328cee862031a8b289f3e4f38ce7a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir5032_1427837907\Shortcuts Menu Icons\Monochrome\1\512.png

Filesize
10KB

MD5
7f57c509f12aaae2c269646db7fde6e8

SHA1
969d8c0e3d9140f843f36ccf2974b112ad7afc07

SHA256
1d5c9f67fe93f9fcc1a1b61ebc35bda8f98f1261e5005ae37af71f42aab1d90f

SHA512
3503a0f4939bed9e1fd5e086b17d6de1063220dffdab2d2373aa9582a2454a9d8f18c1be74442f4e597bdba796d2d69220bd9e6be632a15367225b804187ea18

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir5032_1721349232\Icons Monochrome\16.png

Filesize
216B

MD5
a4fd4f5953721f7f3a5b4bfd58922efe

SHA1
f3abed41d764efbd26bacf84c42bd8098a14c5cb

SHA256
c659d57841bb33d63f7b1334200548f207340d95e8e2ae25aac7a798a08071a3

SHA512
7fcc1ca4d6d97335e76faa65b7cfb381fb722210041bdcd3b31b0f94e15dc226eec4639547af86ae71f311f52a956dc83294c2d23f345e63b5e45e25956b2691

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
72KB

MD5
a344bd92780341f540e5f63cde046d5d

SHA1
99cd2536d956fa8381b0d0f302e49237e15e72cd

SHA256
19d2e1b7bc1f41076710cff096d07f6367bc373e36e037129418bf976d77d6de

SHA512
4e262060bb4c6f3830659e0100f152fd30f2f6fbbf4cd9f7f2b553f74f875f10e4aded0dd8f7f20ba07acc1210f410c70193b02c0e93b5a50979b85a552b8efc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
176KB

MD5
10c838ba8d60f704e8ba02135f3d2952

SHA1
df8b99a5344b973e5a102490f974bc8703fa2cf4

SHA256
00f3d07ff2612894753b9d2e759b9e083a1afe3049821a9719a9d342f6a48574

SHA512
8599e23ae0f20845bf05ed11f63a5c79019a38090fea7773ed7874fce9b9e2aab5e97e9382d7e334ab318315aaa007f7ba973802f358017673776005ab501828

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
175KB

MD5
e7af849001dc6ae2093e20c875ebde20

SHA1
f0082ea2c88dc041fe79abdcd86c31e0fdac6e5e

SHA256
097429688f700d19d750cd8d5c15f3227dd3851eea07cffa3a5e868cb6fb6b23

SHA512
a02822f5f1a2215ef4fcec8144e7b1088643b39cca99e6775af4f48dd3d3af7e169cd7e4e83508a8717dcacdf04bf7cb27ff1aabc73eda576b9c605b9caff212

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
175KB

MD5
114353fc6d46e6fe6d80410278b65242

SHA1
6d93a039dca4aa92017da96f6a73d216aba1d796

SHA256
d9e58ec152c253d8d5bce172395d8e61179ce9ad98482101b4d9f1172f1c3434

SHA512
2e31f48330b48851ce114b9d50c7d8cb645d5795d73a09ae38c2af3f2d2070f9458332a58347fa7a5e806450bc879293cfb625c7884fb96386ea1026e258fc98

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
175KB

MD5
78a2eca886cd98eedade400a693c72b8

SHA1
e0237cad5f7d1b2dcc04d8fbf44a3b6f318457b3

SHA256
cea2b938c63508d6b420c272305a4e7c77ee51bb3669feab214e80cbd8c23928

SHA512
12b1e68cc7dfe70f12fc11952e7834888e647bbde583d65f29cda93ef6a6ba1d6bbfd4c685cebcc9091918841f72b069636e343f247e125169c77163c289d205

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
175KB

MD5
64bdaad8bc47115a1eb4e12dae3bd2a2

SHA1
487862cd141479ec75d36f6d2bdaae2bb95dd00f

SHA256
40985882439df6d4991dba184e2cb9b79b1aa3f4204cf48c920ba92035cbbc98

SHA512
cbcf2a53566676f556338ab3034ec7180eb8cc610194ebc0f8ece684b6b3df645c9c6def3c932c5d6298c6e743662f19b9952ebad9a5c7a093125886699b1030

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
182KB

MD5
80ca318780eb3f66eb13b5add7889fbd

SHA1
dcc8037c355eb1e49c2c5b1e15b03b9fde799e36

SHA256
80729b48f40c190a04c2cc248a2786c2f683b1901c5e6925f3f2ac60cd0ec8f8

SHA512
1e8ed31906f5b4d09f4f0fb22ac2242881732a5365f705d12e21ab5abbad1ff73c5878cee8989fb9c106fece31063296ddbe9aaaf4105a457d25dd0a9005d732

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
98KB

MD5
609946ece6079cb5a859f508c3ffbda6

SHA1
eaa863d0feb2c1b71cfe452579e9ee798a07045d

SHA256
37a7f6a827f34e9936f7ca282e7bfcab092ea45271bcb9d9e9baca2f6cecc5c0

SHA512
eae18571794466f430a32aa27db5297c1357b9f85dc1f29e8ef9f2774ccbb7b65077ce4a2facac2d3924614972f7fcb16b6701d2b0271559fb6a6e504e26398b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe57542b.TMP

Filesize
96KB

MD5
66f0858a89a00fcfd9c9d6a25a66b4f0

SHA1
e6e9441e6ce54ded321f3a9e59ffd5264c0155ff

SHA256
b4a10e59c2949fe1947f160d5951cea43ac758be100e773d3ca06020473f98f2

SHA512
0351d0c698f86df44aed60117fd32275f62ed81badf047fc3fb9258acc9c456599943b92c9ad91de89a8fcc93e43ea46719c09a210ec8647093bc8841f194da1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit