hxxp://YouTube[.]com

Analysis

max time kernel
599s
max time network
598s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
20/04/2023, 09:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://YouTube.com

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133264634283844700"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2275444769-3691835758-4097679484-1000\{95D95049-FA0B-44A7-B12F-6C17FB78172C}	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
3196	chrome.exe
3196	chrome.exe
4012	chrome.exe
4012	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
3196	chrome.exe
3196	chrome.exe
3196	chrome.exe
3196	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3196	chrome.exe
Token: SeCreatePagefilePrivilege	3196	chrome.exe
Token: SeShutdownPrivilege	3196	chrome.exe
Token: SeCreatePagefilePrivilege	3196	chrome.exe
Token: SeShutdownPrivilege	3196	chrome.exe
Token: SeCreatePagefilePrivilege	3196	chrome.exe
Token: SeShutdownPrivilege	3196	chrome.exe
Token: SeCreatePagefilePrivilege	3196	chrome.exe
Token: SeShutdownPrivilege	3196	chrome.exe
Token: SeCreatePagefilePrivilege	3196	chrome.exe
Token: SeShutdownPrivilege	3196	chrome.exe
Token: SeCreatePagefilePrivilege	3196	chrome.exe
Token: 33	1304	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1304	AUDIODG.EXE
Token: SeShutdownPrivilege	3196	chrome.exe
Token: SeCreatePagefilePrivilege	3196	chrome.exe
Token: SeShutdownPrivilege	3196	chrome.exe
Token: SeCreatePagefilePrivilege	3196	chrome.exe
Token: SeShutdownPrivilege	3196	chrome.exe
Token: SeCreatePagefilePrivilege	3196	chrome.exe
Token: SeShutdownPrivilege	3196	chrome.exe
Token: SeCreatePagefilePrivilege	3196	chrome.exe
Token: SeShutdownPrivilege	3196	chrome.exe
Token: SeCreatePagefilePrivilege	3196	chrome.exe
Token: SeShutdownPrivilege	3196	chrome.exe
Token: SeCreatePagefilePrivilege	3196	chrome.exe
Token: SeShutdownPrivilege	3196	chrome.exe
Token: SeCreatePagefilePrivilege	3196	chrome.exe
Token: SeShutdownPrivilege	3196	chrome.exe
Token: SeCreatePagefilePrivilege	3196	chrome.exe
Token: SeShutdownPrivilege	3196	chrome.exe
Token: SeCreatePagefilePrivilege	3196	chrome.exe
Token: SeShutdownPrivilege	3196	chrome.exe
Token: SeCreatePagefilePrivilege	3196	chrome.exe
Token: SeShutdownPrivilege	3196	chrome.exe
Token: SeCreatePagefilePrivilege	3196	chrome.exe
Token: SeShutdownPrivilege	3196	chrome.exe
Token: SeCreatePagefilePrivilege	3196	chrome.exe
Token: SeShutdownPrivilege	3196	chrome.exe
Token: SeCreatePagefilePrivilege	3196	chrome.exe
Token: SeShutdownPrivilege	3196	chrome.exe
Token: SeCreatePagefilePrivilege	3196	chrome.exe
Token: SeShutdownPrivilege	3196	chrome.exe
Token: SeCreatePagefilePrivilege	3196	chrome.exe
Token: SeShutdownPrivilege	3196	chrome.exe
Token: SeCreatePagefilePrivilege	3196	chrome.exe
Token: SeShutdownPrivilege	3196	chrome.exe
Token: SeCreatePagefilePrivilege	3196	chrome.exe
Token: SeShutdownPrivilege	3196	chrome.exe
Token: SeCreatePagefilePrivilege	3196	chrome.exe
Token: SeShutdownPrivilege	3196	chrome.exe
Token: SeCreatePagefilePrivilege	3196	chrome.exe
Token: SeShutdownPrivilege	3196	chrome.exe
Token: SeCreatePagefilePrivilege	3196	chrome.exe
Token: SeShutdownPrivilege	3196	chrome.exe
Token: SeCreatePagefilePrivilege	3196	chrome.exe
Token: SeShutdownPrivilege	3196	chrome.exe
Token: SeCreatePagefilePrivilege	3196	chrome.exe
Token: SeShutdownPrivilege	3196	chrome.exe
Token: SeCreatePagefilePrivilege	3196	chrome.exe
Token: SeShutdownPrivilege	3196	chrome.exe
Token: SeCreatePagefilePrivilege	3196	chrome.exe
Token: SeShutdownPrivilege	3196	chrome.exe
Token: SeCreatePagefilePrivilege	3196	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
3196	chrome.exe
3196	chrome.exe
3196	chrome.exe
3196	chrome.exe
3196	chrome.exe
3196	chrome.exe
3196	chrome.exe
3196	chrome.exe
3196	chrome.exe
3196	chrome.exe
3196	chrome.exe
3196	chrome.exe
3196	chrome.exe
3196	chrome.exe
3196	chrome.exe
3196	chrome.exe
3196	chrome.exe
3196	chrome.exe
3196	chrome.exe
3196	chrome.exe
3196	chrome.exe
3196	chrome.exe
3196	chrome.exe
3196	chrome.exe
3196	chrome.exe
3196	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3196	chrome.exe
3196	chrome.exe
3196	chrome.exe
3196	chrome.exe
3196	chrome.exe
3196	chrome.exe
3196	chrome.exe
3196	chrome.exe
3196	chrome.exe
3196	chrome.exe
3196	chrome.exe
3196	chrome.exe
3196	chrome.exe
3196	chrome.exe
3196	chrome.exe
3196	chrome.exe
3196	chrome.exe
3196	chrome.exe
3196	chrome.exe
3196	chrome.exe
3196	chrome.exe
3196	chrome.exe
3196	chrome.exe
3196	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3196 wrote to memory of 3040	3196	chrome.exe	84
PID 3196 wrote to memory of 3040	3196	chrome.exe	84
PID 3196 wrote to memory of 2220	3196	chrome.exe	85
PID 3196 wrote to memory of 2220	3196	chrome.exe	85
PID 3196 wrote to memory of 2220	3196	chrome.exe	85
PID 3196 wrote to memory of 2220	3196	chrome.exe	85
PID 3196 wrote to memory of 2220	3196	chrome.exe	85
PID 3196 wrote to memory of 2220	3196	chrome.exe	85
PID 3196 wrote to memory of 2220	3196	chrome.exe	85
PID 3196 wrote to memory of 2220	3196	chrome.exe	85
PID 3196 wrote to memory of 2220	3196	chrome.exe	85
PID 3196 wrote to memory of 2220	3196	chrome.exe	85
PID 3196 wrote to memory of 2220	3196	chrome.exe	85
PID 3196 wrote to memory of 2220	3196	chrome.exe	85
PID 3196 wrote to memory of 2220	3196	chrome.exe	85
PID 3196 wrote to memory of 2220	3196	chrome.exe	85
PID 3196 wrote to memory of 2220	3196	chrome.exe	85
PID 3196 wrote to memory of 2220	3196	chrome.exe	85
PID 3196 wrote to memory of 2220	3196	chrome.exe	85
PID 3196 wrote to memory of 2220	3196	chrome.exe	85
PID 3196 wrote to memory of 2220	3196	chrome.exe	85
PID 3196 wrote to memory of 2220	3196	chrome.exe	85
PID 3196 wrote to memory of 2220	3196	chrome.exe	85
PID 3196 wrote to memory of 2220	3196	chrome.exe	85
PID 3196 wrote to memory of 2220	3196	chrome.exe	85
PID 3196 wrote to memory of 2220	3196	chrome.exe	85
PID 3196 wrote to memory of 2220	3196	chrome.exe	85
PID 3196 wrote to memory of 2220	3196	chrome.exe	85
PID 3196 wrote to memory of 2220	3196	chrome.exe	85
PID 3196 wrote to memory of 2220	3196	chrome.exe	85
PID 3196 wrote to memory of 2220	3196	chrome.exe	85
PID 3196 wrote to memory of 2220	3196	chrome.exe	85
PID 3196 wrote to memory of 2220	3196	chrome.exe	85
PID 3196 wrote to memory of 2220	3196	chrome.exe	85
PID 3196 wrote to memory of 2220	3196	chrome.exe	85
PID 3196 wrote to memory of 2220	3196	chrome.exe	85
PID 3196 wrote to memory of 2220	3196	chrome.exe	85
PID 3196 wrote to memory of 2220	3196	chrome.exe	85
PID 3196 wrote to memory of 2220	3196	chrome.exe	85
PID 3196 wrote to memory of 2220	3196	chrome.exe	85
PID 3196 wrote to memory of 2192	3196	chrome.exe	86
PID 3196 wrote to memory of 2192	3196	chrome.exe	86
PID 3196 wrote to memory of 1448	3196	chrome.exe	87
PID 3196 wrote to memory of 1448	3196	chrome.exe	87
PID 3196 wrote to memory of 1448	3196	chrome.exe	87
PID 3196 wrote to memory of 1448	3196	chrome.exe	87
PID 3196 wrote to memory of 1448	3196	chrome.exe	87
PID 3196 wrote to memory of 1448	3196	chrome.exe	87
PID 3196 wrote to memory of 1448	3196	chrome.exe	87
PID 3196 wrote to memory of 1448	3196	chrome.exe	87
PID 3196 wrote to memory of 1448	3196	chrome.exe	87
PID 3196 wrote to memory of 1448	3196	chrome.exe	87
PID 3196 wrote to memory of 1448	3196	chrome.exe	87
PID 3196 wrote to memory of 1448	3196	chrome.exe	87
PID 3196 wrote to memory of 1448	3196	chrome.exe	87
PID 3196 wrote to memory of 1448	3196	chrome.exe	87
PID 3196 wrote to memory of 1448	3196	chrome.exe	87
PID 3196 wrote to memory of 1448	3196	chrome.exe	87
PID 3196 wrote to memory of 1448	3196	chrome.exe	87
PID 3196 wrote to memory of 1448	3196	chrome.exe	87
PID 3196 wrote to memory of 1448	3196	chrome.exe	87
PID 3196 wrote to memory of 1448	3196	chrome.exe	87
PID 3196 wrote to memory of 1448	3196	chrome.exe	87
PID 3196 wrote to memory of 1448	3196	chrome.exe	87

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" http://YouTube.com
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3196
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd7c709758,0x7ffd7c709768,0x7ffd7c709778
  2⤵
  PID:3040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1800 --field-trial-handle=1836,i,8209890685329510257,17329610454548869909,131072 /prefetch:2
  2⤵
  PID:2220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 --field-trial-handle=1836,i,8209890685329510257,17329610454548869909,131072 /prefetch:8
  2⤵
  PID:2192
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2144 --field-trial-handle=1836,i,8209890685329510257,17329610454548869909,131072 /prefetch:8
  2⤵
  PID:1448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3096 --field-trial-handle=1836,i,8209890685329510257,17329610454548869909,131072 /prefetch:1
  2⤵
  PID:3404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3100 --field-trial-handle=1836,i,8209890685329510257,17329610454548869909,131072 /prefetch:1
  2⤵
  PID:1484
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4532 --field-trial-handle=1836,i,8209890685329510257,17329610454548869909,131072 /prefetch:1
  2⤵
  PID:904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3112 --field-trial-handle=1836,i,8209890685329510257,17329610454548869909,131072 /prefetch:1
  2⤵
  PID:2808
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3404 --field-trial-handle=1836,i,8209890685329510257,17329610454548869909,131072 /prefetch:8
  2⤵
  PID:2856
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3424 --field-trial-handle=1836,i,8209890685329510257,17329610454548869909,131072 /prefetch:8
  2⤵
  PID:3292
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5212 --field-trial-handle=1836,i,8209890685329510257,17329610454548869909,131072 /prefetch:8
  2⤵
  - Modifies registry class
  PID:2080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5424 --field-trial-handle=1836,i,8209890685329510257,17329610454548869909,131072 /prefetch:8
  2⤵
  PID:1144
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5532 --field-trial-handle=1836,i,8209890685329510257,17329610454548869909,131072 /prefetch:8
  2⤵
  PID:2680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5252 --field-trial-handle=1836,i,8209890685329510257,17329610454548869909,131072 /prefetch:8
  2⤵
  PID:912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5008 --field-trial-handle=1836,i,8209890685329510257,17329610454548869909,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4012

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4132

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x44c 0x3fc
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1304

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000c

Filesize
40KB

MD5
3fe899ef22bfb98e025431bdaf2a2186

SHA1
54c08bee462eaa08ff9e05facf291d3bba386acd

SHA256
cff72a6b0ee374dff669dcf613006ee66fe1ea1e68db62bcef565f19ba0873d8

SHA512
dd0b98935912679009838eeef5788f0151b8c8f84622344d75d62fcdd9a28fdc24bbcdd225eb27ed153b88451536a178070b902c1dc2cccc79b701232a757c32

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000013

Filesize
54KB

MD5
26b4ff5f5be98ef5d2009ed843e00a0f

SHA1
3b9485101383a3e2fab9d4ae7f5df1d0730d6a46

SHA256
9641f9c0c7c1257fe85afd15e4b7d50facaab317d156200ee05083317a6af103

SHA512
fa9aa99043bd38f3608ea00691209af107fd43bf062320621194c49fbd43de42a2b11b141ea4768783a395983ba8e8f46d507fb5f9d961f3afcf4d48bac28486

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000015

Filesize
57KB

MD5
0a9c64f8363f7ffef377dd7f915fe8cd

SHA1
f49a854af18ec03a21c0b74467cdf35b0218adb9

SHA256
e5a5a69713f76d5740572c3ed385c231954e6419070dd10e5def97cfb0b2dc88

SHA512
7245e432445370a18ac2a13aa789781c03f9e6ed34eb1efd3dd6dbc2602ce17f1953356878ea049b6010a25354543af74358a4e6809b6b6336ebdd6e7c6a2080

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000017

Filesize
22KB

MD5
0ef9a05ced58be18926dd29eee21081f

SHA1
141d7dd57a8dd5553bc5b44eb488949e8b68fda8

SHA256
82642bdb03f6171212ad3cf0e84c2572b280fdc4488e96650c950f2120ae5fb8

SHA512
26bb460846247b2c5b92f2922b3d3225c9462be3c726c57635e6cfb9954a7da22d27b8f15bfd94be8dbe68fbaa73d90345b0a440ffc2e338de2ffa39ee6ea114

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
480B

MD5
627d918f793d0c2df11c64f0a27b2761

SHA1
e35935c5616246f2c022cd3596817fef56dc6f8a

SHA256
2036c97489de3d3d7fc02956212c76c49934797164d635eca9918745cd291c0f

SHA512
86b4036e90cc84c5a2679790ae1ca2936707cb2c44f9965bbfd2f51050749a7c63c8834eec449356023614820d49605d3ed64fcfbc434a50732756aae61c267b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
331af894909088c38ce5da4584351e91

SHA1
878ba28973cf1fbca89e01d1312195d930d517d6

SHA256
25a6b7192adc88a149cb7a0c6a513a0ac66ba34a20126454507257f165793efa

SHA512
3ad567739d0d4405deaea17333d53251459c1cd994b3a91bc3f67e1a283d61de1f77638aa5fe7b6b52e7895b8692a71f3878703c8df1d6100fdb1d39168df8a2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
9740b45025abef9fdbaf86726cd26cf7

SHA1
1c2f9b97e987adf0c035762e52ea0883cdf90829

SHA256
4088a6acec24b87b0b67fa53bf0747a7caa2a69a5f1f5aa6cb76928a777997c5

SHA512
53d133e70a1b070da1fc0d9fe7e0f0caf7ff63a37fc374452f1dd2b3e648c22e7640199388da22cfdbbb5eb43ebddf9d2ee738bdd9a7a317e825f850fae08b40

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
5239155a494a536d632ab5e0f7980c04

SHA1
7c73dbb91b8b1d19abfd59400bad5248d8b78bf2

SHA256
59b3f80b8e52df499d2799b5e69e4d3ae2d27c0dd2dfabca1b7d02a71c9592e6

SHA512
30b4a42251291bbda642084adf08c92d943fd023f5023f81260e19f33c48f1e843c6668e0c0dac9cd550128b1f4e02c9f7c2cd77f84cf42b72e59a1404c85590

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
7252be2384b131c8504bf8f34d5ba3b9

SHA1
5c70e9259bdd102a11badbc16110e08195bf261e

SHA256
6821907574a2c3c98e78905cb24f9446e31fbcaf1a28fdfde69e5cf4bab3fcd8

SHA512
c19a3b005743152f35d505997068aae2ef06ff7f243380c5645d90319fde12701252d4f181adde24d71daf7067d8d71e133ad22134ae55f933bf2003fa704515

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
cf54df6099d6ff0ab6659e839bc6b973

SHA1
6dcb5972d5a51dbe2dba9e8d00ce0173a127af0d

SHA256
a46761ca4a0fc515157f7ad6464c370064ca63058cb68b539927db324030ee0d

SHA512
59e4d4da42dbc47a172ef488d46a5685fda3068480b7c84513bdbaa68c6b064c962cc8d22853b775e59058f29c564be090a03152a6c247d6c49c6283eea22e1b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
acca93244f6dcdd994a3924e85344558

SHA1
ef1ebbd961c0f6883cfd5a85eeb8db28813d4732

SHA256
382124eddff4e52531bc51fe214031461d84ec243bbbbfab85bc08cd114ec6c6

SHA512
5f6a4eaee32403454d6253f53efdafc5e971809bd5834a9b55284d9d8132cbb1d075001a520823363cece4d4ffc0dd86a4ea23e193f8eec527fc4c0a63a2f8ba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
275088442eead0d47267786212b7e861

SHA1
ad1dadd7434eabdd3814e08da4324dc82dc89f1b

SHA256
2b2812d92b3ded9477c64f2841ecd30f89180d4236dc1843abc9b1c9ba176b0e

SHA512
982d59f3ec87c177570f9a6f4562252f8b79ac0288fb377cbac4ee6f8f592da0e53263277f06f7172f4fbd3deef4d7cf737b3eea0d9d6ba71d2a670bc80552c1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
3a9fb34161538662027df0bd5e05ddf5

SHA1
c8b6a37df31f1678fe94a9e01b95ae6c407e1ef0

SHA256
283df893285721adfa18bfef9f7c2dda8cd9744db36db13ca6250159caa25f8a

SHA512
4cf63f71d2d16ef24c82f036f386b02a7bc5e5a2ab4f302d233db6e653d1cb0cb254d2bd0a5b9530d08535704cf3f9a66a924509be84924a427edce6651ef766

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
8a7974c5815016eacf287c34452f6a87

SHA1
da3df0046fd29e827dec929c9e61663fc2341f33

SHA256
073facee692a9603854a87340e265878d3f5fbfc36b0f9f113a01bcc9939afd9

SHA512
0e3e911d1f5303cf31d56e6ee5bc4dce07533b4eea96387371fc3d2a99149f4f3787ee89a49ce5780583bd21e5f9e805b19f3da168f81141c6839a495b4cec24

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
874B

MD5
5c016bd91cdbf2778cdb03765196dc3c

SHA1
a40e9565728609be11442ea81a0b10eddacaf5e3

SHA256
69746d6c8c814ee0f1e2ebf4ae8e082cfc3dc3afc2fd461af0bbdc3e01c4c8f7

SHA512
b04171bad3174cb886f71026e72087d1e87e4d3adab35dfc93e0e353acb56c34b5e26d6cced32ed2636596ad090494658b1124a3c3b863ce62e22e36341fe735

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
874B

MD5
9c2b975b882364f9503e6e9acc4aecb3

SHA1
6e012e6aa8c64665385bc91aa707d0976c0eb000

SHA256
940417f916c63d2606bbb08415dd5759bd4ce73fb9e572854f14f59fbb3e4294

SHA512
5e794952ad65b52283608db8a2c8e46695cbe4598d0616b5621cbc24071614fb40fef0123b90233315a00d6330c00a6e68b71796ab1fded7818bc0d634a306f8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
364e1fee71c80466bc976768d8d4ef28

SHA1
54effa8052d539ad90b3b25db8e8ea4d28310de9

SHA256
35c363487f6af980f8235b3c74d7092df93e03b7193871ff1c92e4508ca89aba

SHA512
15735f902b25f7778ec8c901ca3704dc391bea9bd9547dd78f2432043d3f6c4a817b5f16f9f0bb878631fdcddcd3a8f7683b8f4e82480e6a08b0198286345161

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
b8572be53b8533e086a3718de020c553

SHA1
48a2aadaf170d9cf1fe480632d8d8171f84350f0

SHA256
e56122a5ede0f8e9e6c03d520a4385c210708fac83f9064b56effa511771c319

SHA512
a975b2619a1f8b243f284baedb1106ca94c32b643587f0419059ce19366b5ba0290330602b80fe5f313d13a32a5a37ca7eb081b10d21ba9373fdcaa44b5b03d0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
b43d661cb4de33c688c4baa601ccee9c

SHA1
fabd6bf9f1799d0b94a77d6a30b4c2c9b4c08a36

SHA256
4596cecadae9647f952d14e259f7182b44b93d39aad9e0d2012b0c5b42892b72

SHA512
472e029220d298b37d3e7e494f88f4b0508ff47bc17f001941cf5466d4338accbf6e87d476a54c1d37549b6e03040a7344a78dfc2b0070bd0ff0196d2778a00a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\d908ce8d-11c8-4e9d-bf0c-51daab241bf9\index-dir\the-real-index

Filesize
624B

MD5
d673ca9512f118be08ad654ced9a23a0

SHA1
58b091758c9559d97050185b2e14af2d6dbabddf

SHA256
6e3c13ee7b259ee6bcc0f76145b729b7035cc4ec6093c4df074159f6bb2689b8

SHA512
7eb86a3a4d36a5b99ebf8abf5652253e9edaa7100c1c783f5866b82274b0650e4587e38795f91f8987cd686a96d99256fa7375eb6b98c0ad5ccaadd934f99c4e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\d908ce8d-11c8-4e9d-bf0c-51daab241bf9\index-dir\the-real-index~RFe56f4e4.TMP

Filesize
48B

MD5
2017bac34f437b835fcafe2cff4e58f3

SHA1
cd66cb63c00b919a55821b39d2c87099de3fb4f5

SHA256
38e711059ba6cda7a2bc4a2abf07112b9ee4de6593a126513fa7d72df44a5c49

SHA512
a9fdce6085a09da325201e2ad94b09bc0a86aa069772c9f69f425aa17e5bdd4e61e617cf8441aa98c3a59c08ac7fdd6a0c879e6bf5f22d86fe274747f59adb8f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
56B

MD5
ae1bccd6831ebfe5ad03b482ee266e4f

SHA1
01f4179f48f1af383b275d7ee338dd160b6f558a

SHA256
1b11047e738f76c94c9d15ee981ec46b286a54def1a7852ca1ade7f908988649

SHA512
baf7ff6747f30e542c254f46a9678b9dbf42312933962c391b79eca6fcb615e4ba9283c00f554d6021e594f18c087899bc9b5362c41c0d6f862bba7fb9f83038

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
129B

MD5
7c69670e2c076796f29bd93c0fdecf29

SHA1
5af46beed61f38eff98c818212ece980e7091083

SHA256
434fe1d28eb0768fe450dfdb5ecdfb9c6921cdc04eb65a121184a1d892533052

SHA512
491287f0f9e459bc8996cfa80a1ef426cb516a2623eb79eaf9a41ba168a17992ed8eb9320d1fce6ab4bc84f8bf71dc3e7c4fc3c0de29f07dca1361a6f0c2aa9d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
125B

MD5
568cfed3321b612b34c15823741a5553

SHA1
85c3861f89d421b5437a50e352d1aa921cf1461a

SHA256
33036a9ce73ba5a8cffe10fdd6b0cc9640975c4f3828a693991c4021e9f30f82

SHA512
4da46d131e6c1b4de726194892ba23ca142ec9a40eb5d15f24e21b72e93905d744f2f8a6b3ba37cde543c359bcad7e51ffd47dcc057633fc7f58fd9680ac3c74

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe56963a.TMP

Filesize
120B

MD5
d89685e2fa94e589ea0beca1f5f355bd

SHA1
cef7d0df2660816d20a0bb9c6b0d4eb53131ee73

SHA256
e257d556f8659c8774398f72a388ae4dfef9471e3b26f457a1efdf3c498bad8d

SHA512
e1f1c69ffeee18c66d2ce8b8c5044a44ec0bc51d98de90fb5dcfb0445701641c980487450a44ff40d4eb7a1268b00a57ceb55b3cf604459ed2c03f0b75cf3ff3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
60b5d82763bf72dfc813716450e7c4d7

SHA1
4a414de470e11b15e7a9dfd990a9a0ee1718a215

SHA256
62fa029e41bc3047e7de76a8b6702ddc6c77e7307225e1a3971767c7d40b3543

SHA512
03b34d419210b90251ff20b3532c1c7336628bec0d8c67e935d44f061e0b8d0c8bd41abbaab163a44adff437c897b1fb28adccbe8036864f056ed9d96b55499e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe56e757.TMP

Filesize
48B

MD5
4dd010b105aeb9d92c44bc7b0d27cb58

SHA1
0199912af15c2fba5729ed810d23e81f6816244e

SHA256
5442086b86f7a1c7a35da69b2eacf55a089f9b53cfb2b01d42fa0d87e50cb26c

SHA512
59fbeda412dbe2a7a3714e87855e28ce22240f44b905f2e0f7bf6cccd75a3e77b1723faad8b0e568e96bc02c8585c6d9673f93d9003bc789bb44cc1d63c5ee93

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir3196_291475446\Icons Monochrome\16.png

Filesize
216B

MD5
a4fd4f5953721f7f3a5b4bfd58922efe

SHA1
f3abed41d764efbd26bacf84c42bd8098a14c5cb

SHA256
c659d57841bb33d63f7b1334200548f207340d95e8e2ae25aac7a798a08071a3

SHA512
7fcc1ca4d6d97335e76faa65b7cfb381fb722210041bdcd3b31b0f94e15dc226eec4639547af86ae71f311f52a956dc83294c2d23f345e63b5e45e25956b2691

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir3196_665685593\Shortcuts Menu Icons\Monochrome\0\512.png

Filesize
2KB

MD5
12a429f9782bcff446dc1089b68d44ee

SHA1
e41e5a1a4f2950a7f2da8be77ca26a66da7093b9

SHA256
e1d7407b07c40b5436d78db1077a16fbf75d49e32f3cbd01187b5eaaa10f1e37

SHA512
1da99c5278a589972a1d711d694890f4fd4ec4e56f83781ab9dee91ba99530a7f90d969588fa24dce24b094a28bdecbea80328cee862031a8b289f3e4f38ce7a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir3196_665685593\Shortcuts Menu Icons\Monochrome\1\512.png

Filesize
10KB

MD5
7f57c509f12aaae2c269646db7fde6e8

SHA1
969d8c0e3d9140f843f36ccf2974b112ad7afc07

SHA256
1d5c9f67fe93f9fcc1a1b61ebc35bda8f98f1261e5005ae37af71f42aab1d90f

SHA512
3503a0f4939bed9e1fd5e086b17d6de1063220dffdab2d2373aa9582a2454a9d8f18c1be74442f4e597bdba796d2d69220bd9e6be632a15367225b804187ea18

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
200KB

MD5
fe456d04484e7e98b829afbaee702ba1

SHA1
1b053c544e4d9d7f3fd592c7b231290609f7c94a

SHA256
acaf259158feeeff32970341fb03bb271bf45d933a973e58408581bddf3f9b6a

SHA512
803f29ff53116f7f0219d3b0b90cea4977dd3871cc5b78ad78d7f970dc99ee1b854a013f5957bb1a167f52e8229b0018626bc06f14fab50f6cb7d857ba34d981

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit