hxxps://www[.]youtube[.]com/watch?v=qCGAgsDUiJQ&ab_channel=X2K9

Analysis

max time kernel
1800s
max time network
1690s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
12-04-2023 18:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.youtube.com/watch?v=qCGAgsDUiJQ&ab_channel=X2K9

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133258062414820311"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2275444769-3691835758-4097679484-1000\{EFCF512B-294A-4C89-A53A-DEA48C5798DA}	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
3368	chrome.exe
3368	chrome.exe
4624	chrome.exe
4624	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3368	chrome.exe
Token: SeCreatePagefilePrivilege	3368	chrome.exe
Token: SeShutdownPrivilege	3368	chrome.exe
Token: SeCreatePagefilePrivilege	3368	chrome.exe
Token: SeShutdownPrivilege	3368	chrome.exe
Token: SeCreatePagefilePrivilege	3368	chrome.exe
Token: SeShutdownPrivilege	3368	chrome.exe
Token: SeCreatePagefilePrivilege	3368	chrome.exe
Token: SeShutdownPrivilege	3368	chrome.exe
Token: SeCreatePagefilePrivilege	3368	chrome.exe
Token: SeShutdownPrivilege	3368	chrome.exe
Token: SeCreatePagefilePrivilege	3368	chrome.exe
Token: SeShutdownPrivilege	3368	chrome.exe
Token: SeCreatePagefilePrivilege	3368	chrome.exe
Token: 33	1484	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1484	AUDIODG.EXE
Token: SeShutdownPrivilege	3368	chrome.exe
Token: SeCreatePagefilePrivilege	3368	chrome.exe
Token: SeShutdownPrivilege	3368	chrome.exe
Token: SeCreatePagefilePrivilege	3368	chrome.exe
Token: SeShutdownPrivilege	3368	chrome.exe
Token: SeCreatePagefilePrivilege	3368	chrome.exe
Token: SeShutdownPrivilege	3368	chrome.exe
Token: SeCreatePagefilePrivilege	3368	chrome.exe
Token: SeShutdownPrivilege	3368	chrome.exe
Token: SeCreatePagefilePrivilege	3368	chrome.exe
Token: SeShutdownPrivilege	3368	chrome.exe
Token: SeCreatePagefilePrivilege	3368	chrome.exe
Token: SeShutdownPrivilege	3368	chrome.exe
Token: SeCreatePagefilePrivilege	3368	chrome.exe
Token: SeShutdownPrivilege	3368	chrome.exe
Token: SeCreatePagefilePrivilege	3368	chrome.exe
Token: SeShutdownPrivilege	3368	chrome.exe
Token: SeCreatePagefilePrivilege	3368	chrome.exe
Token: SeShutdownPrivilege	3368	chrome.exe
Token: SeCreatePagefilePrivilege	3368	chrome.exe
Token: SeShutdownPrivilege	3368	chrome.exe
Token: SeCreatePagefilePrivilege	3368	chrome.exe
Token: SeShutdownPrivilege	3368	chrome.exe
Token: SeCreatePagefilePrivilege	3368	chrome.exe
Token: SeShutdownPrivilege	3368	chrome.exe
Token: SeCreatePagefilePrivilege	3368	chrome.exe
Token: SeShutdownPrivilege	3368	chrome.exe
Token: SeCreatePagefilePrivilege	3368	chrome.exe
Token: SeShutdownPrivilege	3368	chrome.exe
Token: SeCreatePagefilePrivilege	3368	chrome.exe
Token: SeShutdownPrivilege	3368	chrome.exe
Token: SeCreatePagefilePrivilege	3368	chrome.exe
Token: SeShutdownPrivilege	3368	chrome.exe
Token: SeCreatePagefilePrivilege	3368	chrome.exe
Token: SeShutdownPrivilege	3368	chrome.exe
Token: SeCreatePagefilePrivilege	3368	chrome.exe
Token: SeShutdownPrivilege	3368	chrome.exe
Token: SeCreatePagefilePrivilege	3368	chrome.exe
Token: SeShutdownPrivilege	3368	chrome.exe
Token: SeCreatePagefilePrivilege	3368	chrome.exe
Token: SeShutdownPrivilege	3368	chrome.exe
Token: SeCreatePagefilePrivilege	3368	chrome.exe
Token: SeShutdownPrivilege	3368	chrome.exe
Token: SeCreatePagefilePrivilege	3368	chrome.exe
Token: SeShutdownPrivilege	3368	chrome.exe
Token: SeCreatePagefilePrivilege	3368	chrome.exe
Token: SeShutdownPrivilege	3368	chrome.exe
Token: SeCreatePagefilePrivilege	3368	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3368 wrote to memory of 396	3368	chrome.exe	83
PID 3368 wrote to memory of 396	3368	chrome.exe	83
PID 3368 wrote to memory of 2932	3368	chrome.exe	84
PID 3368 wrote to memory of 2932	3368	chrome.exe	84
PID 3368 wrote to memory of 2932	3368	chrome.exe	84
PID 3368 wrote to memory of 2932	3368	chrome.exe	84
PID 3368 wrote to memory of 2932	3368	chrome.exe	84
PID 3368 wrote to memory of 2932	3368	chrome.exe	84
PID 3368 wrote to memory of 2932	3368	chrome.exe	84
PID 3368 wrote to memory of 2932	3368	chrome.exe	84
PID 3368 wrote to memory of 2932	3368	chrome.exe	84
PID 3368 wrote to memory of 2932	3368	chrome.exe	84
PID 3368 wrote to memory of 2932	3368	chrome.exe	84
PID 3368 wrote to memory of 2932	3368	chrome.exe	84
PID 3368 wrote to memory of 2932	3368	chrome.exe	84
PID 3368 wrote to memory of 2932	3368	chrome.exe	84
PID 3368 wrote to memory of 2932	3368	chrome.exe	84
PID 3368 wrote to memory of 2932	3368	chrome.exe	84
PID 3368 wrote to memory of 2932	3368	chrome.exe	84
PID 3368 wrote to memory of 2932	3368	chrome.exe	84
PID 3368 wrote to memory of 2932	3368	chrome.exe	84
PID 3368 wrote to memory of 2932	3368	chrome.exe	84
PID 3368 wrote to memory of 2932	3368	chrome.exe	84
PID 3368 wrote to memory of 2932	3368	chrome.exe	84
PID 3368 wrote to memory of 2932	3368	chrome.exe	84
PID 3368 wrote to memory of 2932	3368	chrome.exe	84
PID 3368 wrote to memory of 2932	3368	chrome.exe	84
PID 3368 wrote to memory of 2932	3368	chrome.exe	84
PID 3368 wrote to memory of 2932	3368	chrome.exe	84
PID 3368 wrote to memory of 2932	3368	chrome.exe	84
PID 3368 wrote to memory of 2932	3368	chrome.exe	84
PID 3368 wrote to memory of 2932	3368	chrome.exe	84
PID 3368 wrote to memory of 2932	3368	chrome.exe	84
PID 3368 wrote to memory of 2932	3368	chrome.exe	84
PID 3368 wrote to memory of 2932	3368	chrome.exe	84
PID 3368 wrote to memory of 2932	3368	chrome.exe	84
PID 3368 wrote to memory of 2932	3368	chrome.exe	84
PID 3368 wrote to memory of 2932	3368	chrome.exe	84
PID 3368 wrote to memory of 2932	3368	chrome.exe	84
PID 3368 wrote to memory of 2932	3368	chrome.exe	84
PID 3368 wrote to memory of 2808	3368	chrome.exe	85
PID 3368 wrote to memory of 2808	3368	chrome.exe	85
PID 3368 wrote to memory of 2192	3368	chrome.exe	86
PID 3368 wrote to memory of 2192	3368	chrome.exe	86
PID 3368 wrote to memory of 2192	3368	chrome.exe	86
PID 3368 wrote to memory of 2192	3368	chrome.exe	86
PID 3368 wrote to memory of 2192	3368	chrome.exe	86
PID 3368 wrote to memory of 2192	3368	chrome.exe	86
PID 3368 wrote to memory of 2192	3368	chrome.exe	86
PID 3368 wrote to memory of 2192	3368	chrome.exe	86
PID 3368 wrote to memory of 2192	3368	chrome.exe	86
PID 3368 wrote to memory of 2192	3368	chrome.exe	86
PID 3368 wrote to memory of 2192	3368	chrome.exe	86
PID 3368 wrote to memory of 2192	3368	chrome.exe	86
PID 3368 wrote to memory of 2192	3368	chrome.exe	86
PID 3368 wrote to memory of 2192	3368	chrome.exe	86
PID 3368 wrote to memory of 2192	3368	chrome.exe	86
PID 3368 wrote to memory of 2192	3368	chrome.exe	86
PID 3368 wrote to memory of 2192	3368	chrome.exe	86
PID 3368 wrote to memory of 2192	3368	chrome.exe	86
PID 3368 wrote to memory of 2192	3368	chrome.exe	86
PID 3368 wrote to memory of 2192	3368	chrome.exe	86
PID 3368 wrote to memory of 2192	3368	chrome.exe	86
PID 3368 wrote to memory of 2192	3368	chrome.exe	86

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://www.youtube.com/watch?v=qCGAgsDUiJQ&ab_channel=X2K9
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcdd959758,0x7ffcdd959768,0x7ffcdd959778
  2⤵
  PID:396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1804 --field-trial-handle=1820,i,1553542237178775673,1751862259051307626,131072 /prefetch:2
  2⤵
  PID:2932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 --field-trial-handle=1820,i,1553542237178775673,1751862259051307626,131072 /prefetch:8
  2⤵
  PID:2808
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2164 --field-trial-handle=1820,i,1553542237178775673,1751862259051307626,131072 /prefetch:8
  2⤵
  PID:2192
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3168 --field-trial-handle=1820,i,1553542237178775673,1751862259051307626,131072 /prefetch:1
  2⤵
  PID:1800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3192 --field-trial-handle=1820,i,1553542237178775673,1751862259051307626,131072 /prefetch:1
  2⤵
  PID:1532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4568 --field-trial-handle=1820,i,1553542237178775673,1751862259051307626,131072 /prefetch:1
  2⤵
  PID:2736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4736 --field-trial-handle=1820,i,1553542237178775673,1751862259051307626,131072 /prefetch:8
  2⤵
  PID:4696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5236 --field-trial-handle=1820,i,1553542237178775673,1751862259051307626,131072 /prefetch:8
  2⤵
  - Modifies registry class
  PID:3740
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5300 --field-trial-handle=1820,i,1553542237178775673,1751862259051307626,131072 /prefetch:8
  2⤵
  PID:2336
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5732 --field-trial-handle=1820,i,1553542237178775673,1751862259051307626,131072 /prefetch:8
  2⤵
  PID:4604
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5400 --field-trial-handle=1820,i,1553542237178775673,1751862259051307626,131072 /prefetch:8
  2⤵
  PID:3952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5512 --field-trial-handle=1820,i,1553542237178775673,1751862259051307626,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4624

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2364

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x388 0x390
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1484

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
480B

MD5
d9e37acdb6caf8ceee767f59dfe2845c

SHA1
0663b37fe21160a8e853e7981c099915f80a9a42

SHA256
9f622e9d893d92631dc055c8723555226671bdfc2d624749564f6e4847b8c6f8

SHA512
b45e94990a5ee7d82dc26724b987aaa7690891b93f101299b083b3e8a14b618089e20179bf8ab725e8669592571b0b05ef7d9ef6088cbf7329b8c96db0a52a98

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
5c7613dd537e54acfc8d8d7aecf81870

SHA1
143a001ade62a7b9fbe0bd84fbe388f3ee7e13a1

SHA256
8c8cad0c98338fcb76e8ff165c26cdb81030f7d86833ed807251548432e88939

SHA512
4394cb3ef16605cf88590cf757da16fd46e9778fdce6d24a8efa0907eee0a2e2dc6187f5b467106e4572556dda5327f74610101a5e11b5ba91aa57ab51514ac4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
99e02b80b998fb1619570f8b7c1a4653

SHA1
a593223aefe8c9ef283d3691818e1d0e685db415

SHA256
4830be30ba210a99d9f37f2699bae23a89836759cd9468bd0f1b4fb79bac9f00

SHA512
a7dbe0fc01e1b60c80c64f924279989f573e9ace825ec0b31994f8bcd62259195c598905ec877977dd56c0312e8781d3f42c14322a975029c259f60ba7ee3a63

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
296cbb0b61a8e2cccac13865bdcb12cb

SHA1
2f3924279fd91ccae75aa5e5e7a51b058b516e3e

SHA256
eb7f2033186f0835a340c4f10b2ce4f4c62c3952ef3831fd6b4d4ab35d56962e

SHA512
fb8f0c7093c37e0151d368bd38a5fc65bc45ae1710a5167591e416f96465993641c149a5b5318ee48efd0abe5642ba8b00d515274917cf28714c247953c21058

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
aadd6c44ddd2ddcdddc9bcefe3faa003

SHA1
4c24b2417434ba81b2b5cbb3160da8c61be6b8ab

SHA256
1274fa1457053e4791f56eea2aba10191b2d576220bc81079e5e9baf6ba8fde2

SHA512
8b3e8ad9f3ce375d12f2766d75bcb8ecb17e9fa87d980848321b4e1feb271c19e150ad6ec3694868b632c65ed18d96d334896050c328c4c7d88db1cb3f5a2d84

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
c2e34dbfdcaf4c8cce76d9142b42a311

SHA1
895355bef833bdee5e3f444dcbe864d2f0db6274

SHA256
6d819190f9ff916c570674da94cab9e97b39427d4f6d34cb5c318df4183e39dc

SHA512
02f907e217b1818111e422a6ffdaeb75869dc19ee2f8d7af83c225223c590eff2dd8882315f6bc5aa7830bc5da36f8a02861fcdb3c94c5d35b3507336cd76327

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
aeb06d6b20f5e7cb95b5841ac71c9d33

SHA1
da0af39b96abcc2bd500fe44ddc32023d2f80bc2

SHA256
f8983ca4fce1ad53497ae63489835424f080f0948d379fa80667433c6c9bcd4b

SHA512
4ad6c5a1d0552c85fadd4754299790277057ca4311e7a46ed51e3c5ab60ab55609abfe2cfe9eaf3fd6f061350541748f1721500362f379e190e3cc192abecfde

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
874B

MD5
9d3a6e7e07439eefec4a6a0ed3fc0ef1

SHA1
64f5c8fdad7df187a675d86a42619c88e110dc7b

SHA256
b00ce5056b15163a826b246ba67731821e63117516cc4b5dfb676f2d44f15de4

SHA512
53829a2829149f1282d0b96eec7454b856f919925e2181ac404aece1b7826502475fcd3663e89c291976a408ccb0e421c2a4659114d785c5ac2e043a16f35bc4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
12939e76ecbe7dc68cea31a857e8ec20

SHA1
c004bb57c8834fe708422f39c3c83ac0df21c14d

SHA256
8527a8e313aded964b585fc09df9256ff928c0629a39ba0221be506a7476769f

SHA512
494e9ed648d14de72ecf40b64096c9895445e88911d23d35f46a436882d1c7ecae0d635037225bcb5a6da3769a2fb23ed0d8f5fceb229130669611aad92ef23f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
b8572be53b8533e086a3718de020c553

SHA1
48a2aadaf170d9cf1fe480632d8d8171f84350f0

SHA256
e56122a5ede0f8e9e6c03d520a4385c210708fac83f9064b56effa511771c319

SHA512
a975b2619a1f8b243f284baedb1106ca94c32b643587f0419059ce19366b5ba0290330602b80fe5f313d13a32a5a37ca7eb081b10d21ba9373fdcaa44b5b03d0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
2bf8bd05d67320b9d15b752037e43040

SHA1
962d52fbb42cb78f49423d47758693f1a2f7b81e

SHA256
16c2572f6aa9247a1d0a43640d29e84788baad5641f21219fdd461db2aed1c3d

SHA512
2b79d99125e6a5f358c42d3e2803ea0ea342ddbd6cdae7780887bc4b65b3d1b2aa0dc85760f50331f48bacc198f2533ad2013bec611195e5c52623a561da08d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\9377f1d7-049f-45b2-a5ba-65fd56bfe6cd\index-dir\the-real-index

Filesize
624B

MD5
e588e3105bb73c3e772d1fada37a8b21

SHA1
223a66c686325a6f1c63f72475375156ced9d55b

SHA256
7515f1d38110061738998659c2a4d0abd2a24c9a148bcb708e2ee20dee8554d8

SHA512
8af340252f449a072bb12ddaec7dc3acf7321ecfd32315ef461dba9960f245ffbcd11cdb3adc5ce43f4a2ccbc777082992a1ad1b5bd561907c49e330fab25be4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\9377f1d7-049f-45b2-a5ba-65fd56bfe6cd\index-dir\the-real-index~RFe5720f5.TMP

Filesize
48B

MD5
1c717cce67d13ed77e268dabcf290f25

SHA1
fa30281931b2a291b5f5cccfd7073649aede317a

SHA256
cd95388a1967e09fb51638dc32f01d25260b38c664b8104a85a2f8f0b2d34d3f

SHA512
f6c42f8db2b816c9538710bdeaba02acc9dbb3d050d5428be09219adad29bf3ff05d95a375b3a54e2bc1ecacb51f7376b28848e75078d393c73380ced14f759a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
56B

MD5
ae1bccd6831ebfe5ad03b482ee266e4f

SHA1
01f4179f48f1af383b275d7ee338dd160b6f558a

SHA256
1b11047e738f76c94c9d15ee981ec46b286a54def1a7852ca1ade7f908988649

SHA512
baf7ff6747f30e542c254f46a9678b9dbf42312933962c391b79eca6fcb615e4ba9283c00f554d6021e594f18c087899bc9b5362c41c0d6f862bba7fb9f83038

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
129B

MD5
886d4165e134a244ed60b11f92211d3f

SHA1
b0e20942d7be0abe110bed9a3b3118edc8c7aab0

SHA256
7a70757840856b6e284a0f62703f986ac64634d1c843156b38cb7923988f5759

SHA512
d8f0bc83d3c8c144659ea4305093a9a761c9d624d87126c90f73961ed04d63edba8cbd4ab730407cfcb2126b7f53b12a2d87f2da0804e82fee8033af7cdb8970

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
125B

MD5
3b22af01837b13e5f9f07799a76a5faf

SHA1
1d34652e875c41a7aa43a53c0c6d5caf92c10355

SHA256
53ac7e800df722ac98b718c61d456a4f0bae47801aedc7c6e72e53f7bc21ebaf

SHA512
f02d88de7de754e40ee0f16ade0e4bc4acf5b01632b37d764f3fe00c83f3bd4e2fe5a829e0699c4003d7e29211d72dd6b4e80c0fc7cca7b3c01b606781367e2b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe56c400.TMP

Filesize
120B

MD5
affa951a67ce0d5c9de2d9d8eb60e478

SHA1
7fa78d1b9271bc7646aaa461452c37eb00b432a8

SHA256
077e3ea2ce451d5ee3bc44787b3c428553ae068c64c7f562d14b34c0beb7a5bb

SHA512
128f5e1a3447a5916ec6cb44c1f8ff6a95d72df9af58c395b5332b097e38daee62f9edb6578ac5b5b6eb71baba44edc75f40a25577c36be16dc7ef267a97c613

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\2cc80dabc69f58b6_0

Filesize
14KB

MD5
968ebc18c1f235d00b4466fe882c01f3

SHA1
b3be0968b818b166abba0051b4dc48dfd3d0f2e5

SHA256
9d828793fa0bec86d00d6ff39893f90093c86d08df1bfbdcb124d768f51b7c18

SHA512
77ac3a75d6a38d72eb9ff093868a5114fd449ad02c9a4efcef242846742e2f7fb4e1dd22380fff57022a1374f5932b5f658f78eb5db2917ae9e71b928eee02f5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\2cc80dabc69f58b6_1

Filesize
8KB

MD5
3d367f74d726130b6bb40d967f103fb1

SHA1
8300ee64502d4244a3f27074689805bfe127bf32

SHA256
71790ec8d8606ca52f5dafe1655185fb7a75149f80fa419eaaa034b6d2b1a6b3

SHA512
0e86f23e2510958655a0cfb4b4adc555ff1b257c23ce1bc7e3e19114388873068e7ba9bc2b1d53a5242dd0308438f3bdf05e2badebd7cb98297e998270e22394

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\4cb013792b196a35_0

Filesize
137KB

MD5
4283940e2c1edf239674b9424ed25873

SHA1
c9c8ec7d9a1639890f0463e92dbc1202f5ba67d2

SHA256
68eda7d7b42738bbd0020de27f5f3564e28fd9b146d134ac54873c9bc53daeb5

SHA512
35e70e0bc751018431b527fe325e36bfde296ef3e2fa41a90f8d932a35ca9d7ccb4359bd8750e97653bcd98b981392d5cfbe16973a0fc874dc1cb5b14e76e249

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\4cb013792b196a35_1

Filesize
336KB

MD5
1cefb61d33557c83f3eb37682e454e8c

SHA1
cfa1327b53966f4f54e3c4b2959d44c191fc5d7f

SHA256
e9ac9821a3a76bffcaa5a460527efd8c37b426aa27a23748f991e82eea4e455b

SHA512
8e8aa45bd0a1c5997b0188fe7020c5a49b20563c8f2e0941b8d07db6458cb095e7d68090a8b75efea3708efa8c11ae9685f5898f44ed48d19be0b476e6431dfa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
b3d9ff197f6db7d40168855705d37d84

SHA1
653a888adfd51108716be47f48067c8c97302b68

SHA256
234223554a2409dc4a52a2fb0ba05e9bd1763e4afe4722c2f1a22277a1c8494e

SHA512
33780cd865a0c3aab285025d8ff114ac4bf77eadeef2706e6329da71d1641417eed7e0723aabdf6dc6fdc2dabd23cb14e134c6af10328430b086526e0fa42144

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5714d0.TMP

Filesize
48B

MD5
f7224717f29486713fb4f69d33dcf2f0

SHA1
2a5fc498cc67116d33c35f4a99773166f0db2848

SHA256
630ee41c11abd378a473fa373aa04dc45178d23dd8e72e6eb319ddb332fb506c

SHA512
cbfe65499be7edee9e6f0fc43438d35d87dcaa98f19ff504bad9e583db178f3e5ca3484fdf97a53c1329b17700ed6dc1ecddbefdeee8c2a8be3c295af96dcbce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir3368_1209061505\Shortcuts Menu Icons\Monochrome\0\512.png

Filesize
2KB

MD5
12a429f9782bcff446dc1089b68d44ee

SHA1
e41e5a1a4f2950a7f2da8be77ca26a66da7093b9

SHA256
e1d7407b07c40b5436d78db1077a16fbf75d49e32f3cbd01187b5eaaa10f1e37

SHA512
1da99c5278a589972a1d711d694890f4fd4ec4e56f83781ab9dee91ba99530a7f90d969588fa24dce24b094a28bdecbea80328cee862031a8b289f3e4f38ce7a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir3368_1209061505\Shortcuts Menu Icons\Monochrome\1\512.png

Filesize
10KB

MD5
7f57c509f12aaae2c269646db7fde6e8

SHA1
969d8c0e3d9140f843f36ccf2974b112ad7afc07

SHA256
1d5c9f67fe93f9fcc1a1b61ebc35bda8f98f1261e5005ae37af71f42aab1d90f

SHA512
3503a0f4939bed9e1fd5e086b17d6de1063220dffdab2d2373aa9582a2454a9d8f18c1be74442f4e597bdba796d2d69220bd9e6be632a15367225b804187ea18

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir3368_1341949384\Icons Monochrome\16.png

Filesize
216B

MD5
a4fd4f5953721f7f3a5b4bfd58922efe

SHA1
f3abed41d764efbd26bacf84c42bd8098a14c5cb

SHA256
c659d57841bb33d63f7b1334200548f207340d95e8e2ae25aac7a798a08071a3

SHA512
7fcc1ca4d6d97335e76faa65b7cfb381fb722210041bdcd3b31b0f94e15dc226eec4639547af86ae71f311f52a956dc83294c2d23f345e63b5e45e25956b2691

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
199KB

MD5
6a960c1b9c6cdf61c9e0035de6e84b5e

SHA1
21e93139be600d738495c555cf65ec784c37ed52

SHA256
79adac115213a60dae459b051c0f64d6286193780c1f8931679396eaf504a2ef

SHA512
0a9dcf92d41a8c6fa20d9b5422a3ae9ce002e657fb3f902164e1ce6f2d1b2845a2a89df1eefafee4cc8040eee30d4b9e52570f67f29a5da820538aa8ee889311

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit